Security

How To Protect Yourself From These 8 Social Engineering Attacks

James Frew 29-06-2016

Software can only get you so far. You can protect your passwords, install antivirus software, set up a firewall, but ultimately there is always a weak link.

People.

A whole sector of hacking, known as social engineering, has developed around the human aspect of security. Using a combination of technical hacking and interpersonal skills, with a large dose of manipulation, the social engineer (who might also work as a hacker, or in tandem with one) hopes to extract private or confidential information from a target. People have manipulated and lied to others for many, many years, but social engineering does this with the specific aim of creating an environment where people will expose personal information.

While these techniques are often used to break into a company, they can also be used on individuals, especially high-profile ones. If you are being targeted, how would you know? What social engineering techniques would a hacker use and how would you protect yourself from them? Let’s take a look at some of the most common methods of attack.

1. Phishing

Social-Engineer.org describes phishing as the “practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.”

The most common examples of this are the infamous Nigerian bank account emails, along with “Urgent: You are entitled to a Tax Refund”.

How To Protect Yourself

2. Vishing

Vishing is phishing but performed over the phone. This can be very effective, as talking to an actual human can put people at ease, as long as the right rapport is established.

A common example is a call from “tech support” who then asks you to verify your password or other confidential information.

How To Protect Yourself

  • Verify the caller’s ID. If someone claims to be calling from your bank, look out for their security checks, like mentioning certain things from your account. Get a full name, department and branch. Make sure you feel confident that they are who they say they are.
  • Get contact information. Ask them for their contact information, try to verify it online and say that you will call them back. This gives you time to authenticate them.
  • Be wary of personable callers. While some people are just nice and genuinely fun to talk to, this can also be part of the social engineer’s toolkit to make you feel at ease and more likely to disclose information. If the call has given you any reason to be suspicious then be skeptical of the caller.

3. Social Media

How often do you Google yourself? Go on — no, really — how often? And what comes up when you do? Probably your Twitter, LinkedIn, Facebook, Foursquare accounts. Switch the search to images and you’ll find that grainy picture from your old MySpace or Bebo profile.

Now, consider what information you get from those links — approximate (or detailed) location, places you visit, friends list, place of work and more. It can be pretty terrifying just how much information you post — even when you don’t mean to.

How To Protect Yourself

4. Dumpster Diving

An unfortunate truth is that even in our modern world we still get confidential information (medical records, bank statements) or spam in our (physical) mailboxes. And what about those documents you brought home from work to edit before the next big meeting? Did you just put them in the trash when you were done with them? This is a treasure chest to the budding social engineer.

In certain situations they may choose to “dumpster dive”, rifling through rubbish to find information about you that they can use.

How To Protect Yourself

  • Move online (if you can). There are some insecure things on the internet, but one thing it doesn’t do is generate paperwork for you. As smartphones and the internet generally have become more ubiquitous, banks and other utilities have started moving online. If your provider allows for online statements, then turn these on.
  • Keep confidential information safe. It may seem old fashioned but if you need to keep paper copies of private or confidential information, keep them behind lock and key in a safe.

5. Baiting

Appealing to people’s curiosity (or sense of greed) is the reason this attack works. The attacker will leave an infected USB, CD, or other physical media and wait for someone to pick it up, insert it into their machine, and become infected.

How To Protect Yourself

6. Tailgating

This attack is most often directed at companies, although not exclusively. This is when the attacker will gain entry to a physical space by following or tailgating in behind an authorized person.

How To Protect Yourself

  • Be aware of who is around you. A good attacker won’t stand out, but if someone you don’t recognize turns up one day, then keep your eye on them.
  • Don’t be afraid to question. Tailgating is most common at work, where an attacker is hoping to gain information about the company. Even outside of a work context you still shouldn’t feel afraid to question. If someone follows you into your apartment block then ask them where they are going, and if you can help them find their way. More often than not a Social Engineer will shy away from those questions and may even give up on their attack.

7. Typosquatting

It’s just too easy to misspell a website address. And that’s exactly what the social engineer wants. These attackers claim websites that are similar to popular destinations (think “Amozon” rather than “Amazon”) and then use these pages to either redirect users or capture login information for the real site. Some of the larger sites have already given you a helping hand with this and they redirect misspelt variations of their URL to the correct one.

How To Protect Yourself

8. Clickjacking

Clickjacking is a technique used to trick a user into clicking on something different from what they thought they were clicking.

An example of this would be if a lolcat video was posted on Facebook that looked like a YouTube video. You click the play button but instead of watching some cats roll around, you end up on a page asking you to download software, or anything other than watching your lolcat video.

How To Protect Yourself

  • Install NoScript. NoScript is a Firefox add-on that automatically blocks executable web scripts like Flash, Java and JavaScript. NoScript has a feature called “ClearClick” which is aimed at preventing clickjacking attacks.
  • Don’t Use In-App Browsers. On mobile, clickjacking can be harder both to perpetrate and to prevent. One way of steering clear is to not use in-app web browsers, as they are the most likely attack point for clickjacking. Stick to your default web browser.

Protect Yourself — But Stay Calm

Social engineering can seem terrifying (someone using human behavior to deceive you into giving away personal or confidential information), but the important thing is to keep a level head about it. The risk may always be there, but it’s unlikely to ever happen.

As an individual you have what’s referred to as “privacy through obscurity”, so unless you are a celebrity or head of a large company, then you are unlikely to be specifically targeted. Make sure you keep these habits in mind, but don’t let them control your life. A life spent in a state of constant distrust would be extremely stressful, and a whole lot less enjoyable.

Do you use any of these tips to keep yourself protected? Did you know that there was such a thing as social engineering? Got any suggestions? Let us know in the comments below!

Image Credits: hacker working hard by ra2studio via Shutterstock, Andrey_Popov via Shutterstock.com, wk1003mike via Shutterstock.com, rvlsoft via Shutterstock.com

  1. Dayan Huerta
    June 29, 2016 at 5:44 pm

    Hi, James! This is a great article. Is it possible to get permission from you or MakeUseOf to translate to Mexican Spanish and deploy inside my company? It would be around fifty people. I think this is important information and I would like to share with my coworkers. Thank you in advance! Greetings!

    • James Frew
      July 5, 2016 at 1:41 am

      Hey Dayan, I really appreciate your comment – thanks! As long as you don’t publish it for commercial gain and properly attribute the content back to us then that shouldn’t be a problem. Hope it helps!

      • Dayan Huerta
        July 5, 2016 at 10:06 pm

        Thank you very much, James and MakeUseOf. I will make sure your conditions are met. Greetings!