Defend yourself from Social Engineering Attacks

Defend yourself from Social Engineering Attacks

Defend yourself from Social Engineering Attacks :

  • Social engineering is the practice/art of convincing people to compromise their computer/electronic systems. Rather than targeting equipment or software, scammers/fraudsters target humans who have access to information and manipulate their perceptions and make them divulge information using deception, influence, or persuasion.
  • It's a known fact that hacking Human Mind is far easier than hacking a computer or business. Attackers go after human weakness like fear, greed, trust, desire, ego, sympathy, ignorance, carelessness, and haste.
  • Social engineering attacks can include physical, social, and technical aspects, which are employed in different stages of the particular attack. A number of the ways scammers/fraudsters attack, includes email, instant messaging, phone, social networking, cloud services, and websites.
  • Scammers/fraudsters will use many tools and techniques. What these social engineering methods have in common is that they all attempt to build rapport with victims by creating believable situations, establishing credibility, or creating a sense of urgency.
  • Most of the time people assume it's only the individuals who are prone to social engineering attacks and not the companies, No matter how big or low profile business is, its employees will inevitably receive phishing messages giving scope to companies information systems to be compromised.

Various approaches used by scammers/fraudsters :

  • In-person visits where the attacker impersonates someone in authority or someone with an urgent need
  • False documents intended to deceive.
  • Vishing: Telephone calls where the attacker impersonates someone in authority or someone with an urgent need
  • Phishing: Email messages that are either false in content or false in origin
  • Smishing: Instant messages or SMS text messages with false threats, information, or promises
  • Social Media Phishing: When someone builds a social media page that mimics a trusted brand. The account will try to publish relevant content that persuades you to click and download a malicious file.
  • Reverse Engineering: When someone executes to minor attack on your company to expose a vulnerability, then conflicts you to inform you and offer to “fix” the problem.
  • Quid Pro Quo: Quid pro quo means something for something: When someone calls random numbers at a company, claiming to be calling back from technical support.
  • Baiting: Baiting is like the real-world Trojan horse that uses physical media and relies on the curiosity or greed of the victim.
  • Typo Squatting: When someone uses common types for brand URL’s and mimics 1he brand to gain trust. The fake website can easily collect form information and an example i.e. www.bankofarnerica.com
  • Friendly Emails: When someone sends you an email either from a hacked friend's account or creates a similar account and uses your friend's name.

Few psychological factors used by scammers/fraudsters are :

  • Trust: Exploiting that impulse is the basis of social engineering.
  • Ignorance: Lack of knowledge about social engineering attacks makes people and organisations vulnerable, pretending they are in a position of authority (like executive or manager of any bank).
  • Fear: People are afraid of loss, and fraudsters exploit people’s fears. For example, they might send a message or make a call warning about the possible loss of employment or money, or access.
  • Greed: Scammers/fraudsters promise rewards in exchange for divulging information, it will be in the form of seeking advance taxes or security deposits or customs fees before they actually receive.
  • Moral duty: People often feel obliged to help scammers/fraudsters when asked for help especially seeking donations during floods or Covid19
  • Urgency: A scammers/fraudsters might call or email in the guise of a high-ranking chief executive officer who requires an urgent transfer of funds, they usually spoofed emails posing as their boss.
  • Panic / Anger: People don’t think clearly when they’re pressured to act quickly. When social engineers call you pretending to support and provide a frantic scenario that compromises your safety (like resetting the expiry date of your credit/debit card)

Share these safety tips to your friends and family members :

  • Be wary of short urls and information requested on google forms from unknown sources
  • Double check a weblink link before clicking or downloading attachments sent by unknown contacts, they will lead to unfamiliar site (Hover over them and check)
  • Never send sensitive, personal, or proprietary information via email, regardless of who is asking for it.
  • You will notice poor spelling and grammar throughout the email or SMS
  • Links / Forms asking for personal information (Passwords & Bank Information)
  • Always check the header of the email for authenticity when some asks to transfer money on a email, even it is from your boss.
  • Never search for customer care numbers on Search Engines - Open the respective app or respective application's website for the correct customer care number.
  • Scanning QR Code or giving OTP, UPIN, Bank Card and CVV number's, Means you are transferring the money from your account and NOT receiving.

Reach us at: support@endnowfoundation.org