Social Engineering is a concept that has been plaguing the general public for some time now. What is social engineering? Social engineering is a tactic used to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. It relies on psychological manipulation, exploiting human weaknesses—such as trust, fear, curiosity, and even love—rather than technical hacking techniques to gain unauthorized access to valuable information, systems, or facilities. Social engineers exploit the natural tendency of a person to trust their word, rather than relying on the vulnerability of software or hardware. Below are common social engineering attacks and how to combat them.
Phishing: Sending emails that appear to be from trusted sources to trick recipients into revealing personal information or clicking on malicious links. You can prevent a phishing attack by being skeptical of unsolicited communications, verifying the source before clicking on links or attachments, and using multi-factor authentication wherever possible.
Baiting: Offering something enticing to a person, such as free software downloads, to trick them into installing malware or revealing personal data. Very similar to the phishing attack when it comes to preventive measures. If it is too good to be true, it most likely is not true.
Vishing (Voice Phishing): Using phone calls to trick individuals into disclosing sensitive information by pretending to be from a legitimate company or authority. This attack is one of the most common methods. You can help prevent this method by verifying who is on the phone. If in doubt, tell them that you will call them back, research the phone number of the actual company, and call that number (do NOT call the number that they give you).
Smishing: involves sending fraudulent text messages designed to deceive recipients into divulging personal information, clicking on malicious links, or performing actions that compromise their security. Do NOT click on the links or download any additional apps from an unknown text.
Sexting: it's the act of sending sexually explicit photographs, videos, or messages via mobile phones or any digital device to a person. Unfortunately, a lot of kids suffer from this attack. To mitigate this risk, educate yourself and your family, and do NOT send pictures of yourself to anyone. The attacker will infiltrate your social media groups to try to get you.