Social engineering is a technique used by criminals and cyber-crooks to trick users into revealing confidential information. The data obtained is then used to gain access to systems and carry out actions to the detriment of the person or organization whose data has been revealed.
This practice basically exploits the trust that the user unwittingly places in the criminals, who often pose as a company employee, colleague, friend or boss. Under the guise of checking or protecting the user’s information, the criminals ask for confidential information which can then be used to steal the victim’s identity, money, etc.
How does social engineering work?
Social engineering is still one of the most common means of cyber-attack, primarily because it is highly efficient. To criminals, the user is the ‘weakest link in the security chain’.
Users are normally targeted in two ways: either over the phone or online.
- By phone, criminals pose as employees of a company or organization, say a bank or ISP, and after going through some typical questions and statements in order to gain the trust of the potential victim, they will then ask for login credentials and passwords.
- The most common fraud technique on the Internet is phishing. In this technique, users reveal data because they think they are on a trusted website. Another way that social engineering is used online is using attachments to emails from people known to the victim. Malware is used to attack users’ address book sand send emails –with the attacker’s file attached- to all their contacts.
How to avoid falling victim to social engineering
First and foremost, to prevent data theft through social engineering be wary and use common sense:
- Never reveal your passwords or login credentials to anyone. If a legitimate technician needs to access your account or information, they should be able to do this without needing you to give them your details.
- When you enter your details on a website, make sure the URL is correct.
- Never open strange-looking files or attachments, even if they come from someone you know.
Many infamous viruses such as ‘I Love You’, the NeverQuest Trojan or Blaster have used social engineering to spread to millions of computers, and other scams, including the Whatsapp premium messages scam, also use this method to gain the trust of the victim.
Has anyone tried to scam you with social engineering?