Social engineering attacks

Social engineering targets people rather than software. The attacker relies on persuasion, “social skills” or charisma to win the trust of users or administrators and talk them into granting access or handing over information that leads to control of the victim’s computer or to the theft of personal and financial data. It is often the easiest form of attack because it needs no technical exploit, only a convincing story.

History:

“Social engineering” attacks appeared long before computers and the Internet. One of the first documented examples is Samuel Williams, the original “confidence man”, in 1849.
He would strike up a conversation with a stranger and then ask: “Have you confidence in me to trust me with your watch until tomorrow?” Because nobody yet recognised the trick, many people handed over their watches and never saw them again.
Another attack of this kind took place in 2007, when a man stole 21 million euros’ worth of jewellery and diamonds from ABN Amro Bank in Belgium without using a single technical tool. He relied only on his charm, bringing chocolates and being pleasant to all the employees, and over time was given keys and information about where the valuables were kept.
After copying the keys, he walked into the bank and left, just as easily, with a bag full of jewels.

One of the most common forms of social engineering on computers is scareware:

While browsing, a pop-up tells you that your computer is infected with a virus. It urges you to visit a website, call a number, or download an “antivirus” and pay for it. The result is that you have installed unwanted software and paid for the privilege.

Types of Social Engineering Attacks

  • Phishing: probably the most common form. The attacker sends fraudulent emails or messages that appear to come from a legitimate entity, trying to get you to reveal sensitive information such as passwords or financial details.
  • Pretexting: the attacker invents a scenario, or pretext, to extract information from the victim, often by posing as a trusted individual or an authority.
  • Baiting: similar to phishing, baiting lures the target with something free: a prize that requires entering personal details into a form, or free software that carries malware.
  • Tailgating: physically following an authorized person into a restricted area, exploiting people’s tendency to hold the door open for others without verifying their identity.

Social Engineering Prevention

  • Don’t open email attachments from suspicious sources. Even if you know the sender, if the message seems out of character, call the person directly to confirm they sent it; don’t confirm by replying to the message itself, since an attacker who controls the sender’s mailbox or set a Reply-To address will answer for them.
  • MFA (Multi-Factor Authentication): MFA protects you from someone who already has your credentials for websites, banking apps, email, etc., by requiring a second proof of identity after the correct username and password have been entered. Note that a one-time code can itself be phished by a fake site that relays it in real time, so a hardware security key or passkey resists phishing better than an SMS code.
  • Use social media in moderation. Social engineers search the internet for everything they can find about a person; the more you post about yourself, the easier it is to craft a targeted phishing message against you.
  • Don’t plug unknown devices into your computer. An unknown USB drive may run malicious software as soon as it is connected, or present itself as a keyboard and type commands, copying your sensitive information or infecting your PC with malware.
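The phishing type above and the first prevention tip both come down to one question: does a message really come from the organisation it claims to? The following is an added example, not code from the original article, showing three checks a practitioner would run on a message before trusting it: a display name that names a trusted organisation but an address from a different domain, a sender domain that is a near-miss of a trusted one (typosquat or look-alike characters), and a link whose visible text names one domain while the href points to another. The trusted-domain table, the look-alike character table and the sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed for the example: organisations the reader deals with and their real domains.
TRUSTED_DOMAINS = {
    "example-bank.com": "Example Bank",
    "example-corp.com": "Example Corp",
}

# Constructed, illustrative set of characters attackers swap for visually similar ones.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typosquatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(domain: str) -> str:
    """Fold look-alike characters so 'examp1e' compares equal to 'example'."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def registrable(host: str) -> str:
    """Last two labels of a hostname: 'login.example-bank.com' -> 'example-bank.com'.
    Good enough for the illustration; production code would use a public-suffix list."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def sender_domain(from_header: str) -> tuple:
    """Return (display name, registrable domain) from a From: header
    such as 'Example Bank <alerts@example-bank.com>' or a bare address."""
    m = re.match(r'\s*"?([^"<]*)"?\s*<([^>]+)>', from_header)
    if m:
        name, addr = m.group(1).strip(), m.group(2)
    else:
        name, addr = "", from_header.strip()
    return name, registrable(addr.rsplit("@", 1)[-1])


def check_message(from_header: str, links: list) -> list:
    """Return a list of human-readable findings for one message.
    links: (visible text, href) pairs as they appear in the HTML body."""
    findings = []
    name, domain = sender_domain(from_header)

    # 1. Display name claims a trusted organisation, but the address is not from its domain.
    for real_domain, org in TRUSTED_DOMAINS.items():
        if org.lower() in name.lower() and domain != real_domain:
            findings.append(f"display name '{name}' but sender domain {domain}")

    # 2. Sender domain is a near-miss of a trusted domain (typosquat or homoglyph).
    if domain not in TRUSTED_DOMAINS:
        for real_domain in TRUSTED_DOMAINS:
            if edit_distance(normalise(domain), normalise(real_domain)) <= 2:
                findings.append(f"sender domain {domain} resembles {real_domain}")

    # 3. A link whose visible text names one domain but whose href goes elsewhere.
    for text, href in links:
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        target = registrable(urlparse(href).hostname or "")
        if shown and registrable(shown.group(0)) != target:
            findings.append(f"link text says {shown.group(0)} but goes to {target}")
    return findings


# Constructed sample messages: one genuine, one phishing.
SAMPLES = {
    "genuine": ("Example Bank <alerts@example-bank.com>",
                [("example-bank.com/login", "https://login.example-bank.com/login")]),
    "phish": ('"Example Bank Security" <alerts@examp1e-bank.com>',
              [("https://example-bank.com/verify",
                "http://example-bank.com.verify-account.xyz/login")]),
}

if __name__ == "__main__":
    for label, (hdr, links) in SAMPLES.items():
        print(label, check_message(hdr, links) or "no findings")
```

Running the block reports nothing for the genuine message and three findings for the phishing one: the display name mismatch, the digit-for-letter look-alike domain, and the link whose text shows example-bank.com while the href lands on verify-account.xyz. Heuristics like these catch the crude cases; they do not replace checking the message through a channel the attacker does not control.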

Conclusion

At a time when technology evolves rapidly, it is easy to overlook the human factor in cybersecurity. Yet social engineering attacks are growing in number and becoming more targeted. By raising awareness and following the practices above, you can avoid becoming the next victim.