Do you know what social engineering looks like?

You may have heard the term thrown around. You may have read an article online or watched a brief report on the news about it. But how much do you know about social engineering? Have you experienced it? While we all like to think that we're pretty savvy to the ways of cybercriminals, could social engineering still become a concern for you? Do you know how to protect yourself from the potential risks associated with social engineering?

Just what is social engineering?

Social engineering is the process of targeted manipulation that aims to get individuals to share confidential information with fraudsters. Of course, the type of information that these cybercriminals are looking for can vary. Quite often, however, they're looking for information that will allow them to access your bank accounts, social media accounts, or even the network you connect to at work.

Think of social engineering as a fraudster essentially hacking you to gain access to the knowledge you have. A social engineering attack can occur online, whether through email or social media, or in person. For example, you may meet someone interested in gaining access to your financial accounts and even your business connections.

Social engineering attacks are built around how you act and think, which makes them exceedingly effective at manipulating an individual's behavior. Once a fraudster understands what is motivating your actions, they can manipulate you almost effortlessly. In addition, a fraudster may exploit a lack of knowledge about the types of threats and the potential value of personal data. After all, who would want to know the name of the street you grew up on? Or who is genuinely going to want to know the color of your very first car? Don't underestimate the info you have. Much of it could be used very quickly to compromise an account.

There are two goals to a social engineering attack.

  1. The fraudsters get their hands on access to systems, personal info, and money.
  2. The fraudsters set out to corrupt or delete data to cause an inconvenience to a business or to see its reputation suffer in the public eye.

For most of us, fraudsters will be interested in gaining access to accounts that offer them a financial incentive.

Just how does it work?

The majority of social engineering relies on conversations and communication between victims and fraudsters. The fraudsters will find ways to motivate their targets to compromise their own personal data, which sets it apart from so-called brute force methods.

There are several steps to a social engineering attack.

Step 1: The fraudster will do their homework on the intended target. They'll gather information about you that's available to the public. This could include information you share in online groups or on your profiles.

Step 2: The fraudster will find a way to establish trust with the victim, to start a friendly relationship.

Step 3: Once trust has been established, the fraudster will start to look for weaknesses to advance the attack.

It could take a single email. It could take several months, drawn out over several conversations on social media or through another communication platform. The fraudster will lead you to believe that they are a friend and a trusted confidante. It will all come to a swift conclusion once you share your personal info or open up your system to malware.

Social engineering can also involve a strong element of confusion. For example, many victims aren't aware that it takes just a few pieces of personal information for a hacker to gain access to multiple accounts and networks.

Fraudsters will play into the emotions of their targets. For example, they could mislead you into feeling a sense of urgency or sadness that inadvertently motivates you to compromise yourself and your personal information.

Protecting yourself against social engineering

While fraudsters can target you in person, it's the online world where you are most vulnerable. Emails, text messages, and social media are commonly used platforms for fraudsters to reach out.

There are a few steps that you can take to help protect yourself.

  • Don't click on links you get through messages or emails, even if you know the sender or think you know them. Likewise, never enter login credentials on a website unless you have verified that it is legitimate.
  • When possible, use multi-factor authentication (MFA).
  • Choose a strong password that you haven't used anywhere else.
  • Don't publicly share the names of your pets or children, your city of birth, or other personal information that could be the answer to a security question or even a part of a password.
  • In an increasingly digital world, it's easy to establish a connection with people we've never met in person. That said, be careful when you are building friendships with people you've never met in person.
  • Use a VPN when connecting to work.
  • Keep your personal and work devices secured.
  • Ensure you have a robust internet security solution installed that can help to protect your devices against Trojans and other viruses.

If you get any messages from people claiming to be offering you a substantial financial windfall, there are good odds it's a scam. While it would be lovely if someone randomly gave you a few million, it's almost certainly just a scam to take your money. Likewise, if a friend or family member messages you through social media and claims to be in crisis, there are good odds that they are not the one messaging you. Always check and verify that the person you are talking to is, in fact, who they claim to be. A fraudster could be pretending to be your child or your sibling, lost or stranded, or injured in a hospital, and in dire need of money to help them get home. These prevalent scams pull at your heartstrings and play on a sense of urgency to help your loved one.

Be aware of who you are speaking with when you're interacting with people online. Don't answer unusual questions, and if something feels off, trust your instincts.

Do you suspect you've been the target of social engineering?

What should your next steps be if you suspect that you are a victim of cybercriminals? It will depend on the type of information you have shared.

Do you think that your bank accounts, credit card accounts, or store credit cards have been compromised? Contact the relevant companies right away so that they can deactivate any cards, close the accounts, and take steps to protect you. In addition, if there are any unauthorized charges, they may be able to refund your account.

If you feel as though the fraudsters have received sensitive information about the company you work for, you should alert the appropriate individuals and departments within the company. This should include network admins who can be made aware of any suspicious happenings.

Keep a close eye on your credit report to see if any suspicious activity takes place.

You can protect yourself against social engineering by being aware of what it is and what the fraudster's end game is, and by keeping your personal information close. Join us in November for a deep dive into social engineering, with our upcoming white paper on the very same topic. We can't wait for you to read it.