How to prevent online Social Engineering?
We all have heard it said during the pandemic, "anything
goes". Things have not been normal and people have had
to adjust to ways of acceptance in today’s reality.
But things don’t, or rather cannot, remain the same for long.
During the past 18 months, social engineers have had a field
day, with scammers using everyone who is vulnerable, and
using every trick in the book to their advantage.
Scammers have tried to entice people to divulge information
about themselves and their friends through unscrupulous
and shady practices on the internet.
We have had phishing, “smishing” and “vishing”, with
scammers extorting money, by offering home help and other
services by email, from victims who are the most at risk and
vulnerable, who are housebound or who are indisposed.
We have seen cybercriminals on the internet sending
carefully worded emails, voicemail or text messages to
convince incapacitated and vulnerable people to transfer
money, provide confidential information or download a file
that installs malware or viruses on their computers or
company network. Scams galore!
They can offer large sums of unclaimed inheritances to
needy, desperate, but financially gullible people as a
trade-off for shifting “black money”, in return for a
percentage commission on the transferred amount.
Who can fall for the scam?
In the context of information security, social engineering
is the use of deception to manipulate individuals, ordinarily
skeptical people, into divulging confidential information,
sometimes without their full knowledge, which is then
used by cybercriminals for blackmail or for fraudulent
purposes.
Emotional manipulation is the name of the game.
Curiosity is a big part of our human nature. It is how we
as humans evolve, how we grow. It is part of who we are.
But it is also our common weakness for scammers
to exploit.
Capturing this curiosity is an art form, which is craftily
manipulated. Scammers take advantage of human behaviour
patterns and trick individuals, or even firms, into thinking
they are the real deal.
Hackers use all forms of deception. Fear, greed, curiosity,
helpfulness and urgency are some ways they use human
emotion to do their job.
Have you heard of the following techniques?
Don’t be deceived into handing over, voluntarily or without
scruples, your personal details or private information to an
online social engineering “enterprise”.
“Vishing” is where an urgent and official-sounding
voicemail convinces you, the victim, to act quickly
or else suffer severe consequences, perhaps
the threat of physical attacks.
They rely on trust to gain physical access to homes,
premises or buildings, or on the threat of arrest or other
similar risks.
“Tailgating” relies on human trust: someone who
purports to act as a security official, but who is
actually a criminal, manages by whatever means at
their disposal to gain physical access to a secure building
or area, for unlawful ends.
“Pretexting” uses a false identity to trick “innocents” or
victims into giving up information fraudulently.
“Baiting” is an online and physical social engineering attack
that promises the victim a reward.
How to prevent online “Social Engineering” attacks?
In today’s world, being alert is understandably normal.
It is hardly paranoia at all. Did you know that victims
generally tend to side with, or often sympathise with, their
perpetrators? Why?
Being watchful of the consequences, not only of the
pandemic but most of all of the tricks or scams that come
in one form or another, by overpowering and deceptive
ways, is more or less mandatory.
Always go by your gut feeling. If you receive a call from an
unknown person or a company requesting sensitive
information, do your research before you hand over any
information, personal or otherwise.
Never be afraid to ask for their full name, telephone or
mobile number, or email, and be sure to contact their
source or, after investigation, call them back only on
the number from their website. Don’t respond to their call,
or their SMS, unless you have prior or proven verification.
Never, ever reveal passwords or PINs via email or on your
mobile, no matter how legitimate the request seems.
Companies, banks or security agencies would hardly seek
this information in this way. They know there are other secure
ways. Be adept at finding out the other ways.
Resist the urge to click on suspicious links on the internet or
from anyone, even if you think you know them or are familiar
with them. Always double check the web address first, before
you open an unsecured web page or link. You never know who
is behind the scam.
Think twice or more if the message sounds too good to be
true; often your gut reaction is more true than the message.
Hasty action often has irreparable consequences. Even if it
looks and sounds like it is coming from a reputable source,
be wary of putting your profile at risk.
One of the common threads linking these social engineering
techniques and patterns of activity is the human element
involved, which cybercriminals craftily exploit and which
you need to be aware of today. Remember, scammers never
give up. They treat their action as a hobby.
Victor Cherubim