
Software can only get you so far. You can protect your passwords, install antivirus software, set up a firewall, but ultimately there is always a weak link.

People.

A whole sector of hacking, known as social engineering, has developed around the human aspect of security. Using a combination of technical hacking and interpersonal skills, with a large dose of manipulation, the social engineer — who might also work as a hacker, or in tandem with one — hopes to extract private or confidential information from a target. People have manipulated and lied to others for many, many years, but social engineering does this with the specific aim of creating an environment where people will expose personal information.

While these techniques are often performed in order to break into a company, they can be used on individuals, especially high-profile ones. If you are being targeted – how would you know? What social engineering techniques would a hacker use and how would you protect yourself from them? Let’s take a look at some of the most common methods of attack.

1. Phishing

Social-Engineer.org describes phishing as “practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.”


The most common examples of this are the infamous Nigerian bank account emails, along with “Urgent: You are entitled to a Tax Refund”.

How To Protect Yourself

  • Don’t click on links in emails. If you have any doubt about the safety of the email then do not click on any links — even if they look legitimate. It’s easier to hover over a link and see whether it directs to the correct site on desktop than on mobile, but the best solution is to manually navigate to the website itself and log in directly rather than using the provided URL.
  • Don’t download attachments. The easiest way to infect your device with malware is to download email attachments. Most web-based mail clients will scan attachments to let you know if they are safe, but this isn’t foolproof. If you do download an attachment, make sure to scan it with antivirus software before opening. If the file extension isn’t what you expected then do not open it, as some malware can be disguised as “Document.pdf.exe”. To be on the safe side — never open (or download) “.exe” attachments.
  • Check the Sender’s address. On mobile this can be tricky to do, and attackers know this and are increasingly building this into their attacks. A common example is a sender listed as “Paypal” but the address may look like “paypal@hotmail.com” or “contact@paypalpay.com”. If it looks unusual, then don’t click on any links or download attachments.
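The sender and attachment checks above can be automated. The following is an added example, not part of the original article: it flags a From header that claims a brand it was not sent from and an attachment with a disguised executable extension. The brand list, extension list and sample message are assumptions constructed for illustration.

```python
import os
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: brand name -> domains that brand really sends mail from.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
# Assumption: a short illustrative list of extensions that run code on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".js"}

def sender_warnings(from_header):
    """Flag a sender that uses a brand name but is not on that brand's domain."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    for brand, real in BRAND_DOMAINS.items():
        claims = brand in display.lower() or brand in addr.lower()
        genuine = any(domain == d or domain.endswith("." + d) for d in real)
        if claims and not genuine:
            warnings.append(f"claims '{brand}' but mail came from {domain}")
    return warnings

def attachment_warnings(filename):
    """Flag executables, and executables hiding behind a document extension."""
    name, last = os.path.splitext(filename.lower())
    inner = os.path.splitext(name)[1]
    warnings = []
    if last in EXECUTABLE_EXTS:
        warnings.append(f"executable attachment ({last})")
        if inner:
            warnings.append(f"double extension: poses as {inner}, runs as {last}")
    return warnings

def triage(msg):
    """Collect every warning for one parsed message."""
    found = sender_warnings(str(msg.get("From", "")))
    for part in msg.walk():
        if part.get_filename():
            found += attachment_warnings(part.get_filename())
    return found

def sample_message():
    """Constructed sample using the article's own examples."""
    m = EmailMessage()
    m["From"] = '"Paypal" <contact@paypalpay.com>'
    m["Subject"] = "Urgent: You are entitled to a Tax Refund"
    m.set_content("Please open the attached form.")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="Document.pdf.exe")
    return m

if __name__ == "__main__":
    print(triage(sample_message()))
```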

2. Vishing

Vishing is phishing but performed over the phone. This can be very effective, as talking to an actual human can put people at ease, as long as the right rapport is made.

A common example is a call from “tech support” who then asks you to verify your password or other confidential information.

How To Protect Yourself

  • Verify the caller’s ID. If someone claims to be calling from your bank, look out for their security checks, like mentioning certain things from your account. Get a full name, department and branch. Make sure you feel confident that they are who they say they are.
  • Get contact information. Ask them for their contact information, try to verify it online and say that you will call them back. This gives you time to authenticate them.
  • Be wary of personable callers. While some people are just nice and genuinely fun to talk to, this can also be part of the social engineer’s toolkit to make you feel at ease and more likely to disclose information. If the call has given you any reason to be suspicious then be skeptical of the caller.

3. Social Media

How often do you Google yourself? Go on — no, really — how often? And what comes up when you do? Probably your Twitter, LinkedIn, Facebook, Foursquare accounts. Switch the search to images and you’ll find that grainy picture from your old MySpace or Bebo profile.

Now, consider what information you get from those links — approximate (or detailed) location, places you visit, friends list, place of work and more. It can be pretty terrifying just how much information you post — even when you don’t mean to.

How To Protect Yourself

  • Think before you post. Are you posting something you didn’t mean to, like geotagging your photo, or is there sensitive or identifying information in the background of a photo?
  • Adjust those privacy settings. We all know that social networks love us to share everything with everyone – that’s why Facebook’s privacy settings are so complicated, but these settings are there for a reason. Make sure that you only post to people you want to see your post. Cull “friends” that you don’t know. This is really important on Facebook, which is a network where you are actively encouraged to overshare.
  • Prevent Search Engine Indexing. If you want to stop your Pinterest account from showing up in search results alongside your LinkedIn, then head into the settings and disable Search Engine Indexing. Most of the major social networks have this option.
  • Go Private. Think about if you really need your Instagram and Twitter accounts to be public.
  • Think if you need to post. Just because the option to post is there, doesn’t mean you have to. This not only prevents you from over sharing publicly but can also help you create a better relationship with technology.

4. Dumpster Diving

An unfortunate truth is that even in our modern world we still get confidential information (medical records, bank statements) or spam in our (physical) mailboxes. And what about those documents you brought home from work to edit before the next big meeting? Did you just put them in the trash when you were done with them? This is a treasure chest to the budding social engineer.

In certain situations they may choose to “dumpster dive” where they rifle through rubbish to find information that they can use about you.

How To Protect Yourself

  • Move online (if you can). There are some insecure things on the internet, but one thing it doesn’t do is generate paperwork for you. As smartphones and the internet generally have become more ubiquitous, banks and other utilities have started moving online. If your provider allows for online statements, then turn these on.
  • Keep confidential information safe. It may seem old fashioned but if you need to keep paper copies of private or confidential information, keep them behind lock and key in a safe.

5. Baiting

Appealing to people’s curiosity (or sense of greed) is the reason this attack works. The attacker will leave an infected USB, CD, or other physical media and wait for someone to pick it up, insert it into their machine, and become infected.

How To Protect Yourself

  • Don’t pick up (or use) random USBs. I know you may be tempted to see what’s on it, to see if you can help get it back to its rightful owner. But don’t. It just isn’t worth the risk. If you don’t know what it is, don’t put it in your machine.
  • Install an antivirus. Just in case you do decide to put an unknown device into your computer, make sure you have the best protection you can. Be aware though that some malware can evade, and even disable, antivirus software.

6. Tailgating

This attack is most often directed at companies, although not exclusively. This is when the attacker will gain entry to a physical space by following or tailgating in behind an authorized person.

How To Protect Yourself

  • Be aware of who is around you. A good attacker won’t stand out, but if someone you don’t recognize turns up one day, then keep your eye on them.
  • Don’t be afraid to question. Tailgating is most common at work, where an attacker is hoping to gain information about the company. Even outside of a work context you still shouldn’t feel afraid to question. If someone follows you into your apartment block then ask them where they are going, and if you can help them find their way. More often than not a Social Engineer will shy away from those questions and may even give up on their attack.

7. Typosquatting

It’s just too easy to misspell a website address. And that’s exactly what the social engineer wants. These attackers claim websites that are similar to popular destinations (think “Amozon” rather than “Amazon”) and then use these pages to either redirect users or capture login information for the real site. Some of the larger sites have already given you a helping hand with this and they redirect misspelt variations of their URL to the correct one.

How To Protect Yourself

  • Pay attention when typing website addresses. I know it can be tempting to rush, especially when you know the website, but always check before you hit enter.
  • Install a good antivirus. Some of the typosquatting sites are going to try and get you to download malware. Good antivirus software will pick up any malicious files — or even websites — before they cause you any harm.
  • Bookmark frequently visited sites. It’s what bookmarks are for. This means that you will always know that you are heading to the real website.

8. Clickjacking

Clickjacking is a technique used to trick a user into clicking on something different from what they thought they were clicking on.

An example of this would be if a lolcat video was posted on Facebook that looked like a YouTube video. You click the play button but instead of watching some cats roll around, you end up on a page asking you to download software, or anything other than watching your lolcat video.

How To Protect Yourself

  • Install NoScript. NoScript is a Firefox add-on that automatically blocks executable web scripts like Flash, Java and JavaScript. NoScript has a feature called “ClearClick” which is aimed at preventing clickjacking attacks.
  • Don’t use in-app browsers. On mobile, clickjacking can be harder both to perpetrate and to prevent. One way of steering clear is to not use in-app web browsers, as they are the most likely attack point for clickjacking. Stick to your default web browser.

Protect Yourself — But Stay Calm

Social engineering can seem terrifying — someone using human behavior to deceive you into giving away personal or confidential information — but the important thing is to keep a level head about it. The risk may always be there, but it’s unlikely to ever happen.

As an individual you have what’s referred to as “privacy through obscurity”, so unless you are a celebrity or head of a large company, then you are unlikely to be specifically targeted. Make sure you keep these habits in mind, but don’t let them control your life. A life spent in a state of constant distrust would be extremely stressful, and a whole lot less enjoyable.

Do you use any of these tips to keep yourself protected? Did you know that there was such a thing as social engineering? Got any suggestions? Let us know in the comments below!

Image Credit: hacker working hard by ra2studio via Shutterstock, Andrey_Popov via Shutterstock.com, Image Credit: wk1003mike via Shutterstock.com, Image Credit: rvlsoft via Shutterstock.com

  1. Dayan Huerta
    June 29, 2016 at 5:44 pm

    Hi, James! This is a great article. Is it possible to get permission from you or MakeUseOf to translate to Mexican Spanish and deploy inside my company? It would be around fifty people. I think this is important information and I would like to share with my coworkers. Thank you in advance! Greetings!

    • James Frew
      July 5, 2016 at 1:41 am

      Hey Dayan, I really appreciate your comment – thanks! As long as you don’t publish it for commercial gain and properly attribute the content back to us then that shouldn’t be a problem. Hope it helps!

      • Dayan Huerta
        July 5, 2016 at 10:06 pm

        Thank you very much, James and MakeUseOf. I will make sure your conditions are met. Greetings!
