Social Engineering: Protecting Yourself From Scams

Michelle Wilson - May 20, 2020

According to prominent computer hackers, the weakest link in any security system is the human factor. Humans by nature are emotional, sympathetic and can be easily manipulated. The easiest way for a bad actor to bypass security efforts and gain access to sensitive information is to trick someone into sharing their information, eliminating the need for the technical knowledge of complex automated systems and firewalls. This tactic is called Social Engineering.

Social Engineering attackers often pretend to be someone we should trust or know, because we interact with them frequently.

Some Social Engineering Hackers May be:

A Repair Person:

We often invite service people into our homes or work offices without thinking much about it. After all we called this service and asked them to come, right?

Survey Takers:

This seems obvious right? Nope. Where as some of us would never stop and really take a survey, some of us hate confrontation so much that we will just go along with it, in order to not make waves.

New Employee:

Not as uncommon as you would think. Corporate espionage has been around as long as businesses have been competing.

It really can be just about anyone! Within a business setting, they may contact just one person, or may contact multiple people within the organization to gather the information they are looking for. Eventually they have what they need and are able to breach the network and obtain the data.

Since the 1970s Social Engineering has been used in cybercrime. A computer technician working at a bank, as a contractor, once stole a numerical code which he used to authorize wire transfers to an offshore account, stealing $10 million (ouch!). Others have hacked voicemails, copied software or emails, or have manipulated employees into giving them passwords and codes (Yup! That counts too!).

Since then, with the progression of the internet, social media, and with so many ways for people to connect and share, there are constantly new ways to gain people’s trust and attention. Statistically most cyberattacks involve a human user at some point who unknowingly breached security and gave the hacker the access they were looking for.

Although there are countless forms of Social Engineering, most of the time the bad actor sends communication from what looks like a trusted source, like a friend, coworker, or company that is frequented. This communication contains a link, attachment, download, or a request of information that people may not normally share, although it seems okay in this particular situation.

There is no hardware or software that can protect people from human vulnerability, so we cannot completely protect people from social engineering, but we can educate people on social engineering attacks, so they can be avoided or at the very least make them identifiable.

Gone Phishing!

Phishing attacks are very common. This scam is when the attacker, posing as a trustworthy person or organization, sends communication which solicits private information. These often seem really legit, like a bank or financial institution telling the victim that the account has a problem and their password or account number is needed for verification. The attacker can now use this information to gain illegal access to that person’s accounts.

This communication can take the form of a phone call, email, a pop-up, or a combination. It may make the recipient think their computer has a virus to click on a link, or instruct them to call a specified number, or to go to a fraudulent website.

The Common Sense

With the right information, social engineering can be avoided. Be suspicious of communication with those you do not know. Double check email addresses, know for sure who you are opening attachments from. Be wary of communication that instills urgency, and always remember that if it sounds too good to be true, it probably is and it’s probably social engineering!