Wednesday, June 29, 2022
CybersecFill

Social Engineering…. Tips to help avoid becoming a Victim

by Henrietta Ijenebe
March 11, 2021

Social engineering is the act of tricking someone into divulging information or taking action, usually through technology. The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions.

To access a computer network, the typical hacker might look for a software vulnerability. A social engineer, though, could pose as a technical support person to trick an employee into divulging their login credentials. The fraudster is hoping to appeal to the employee’s desire to help a colleague and, perhaps, act first and think later. 

6 types of Social Engineering Attacks

1. Baiting

This type of social engineering depends upon a victim taking the bait, not unlike a fish reacting to a worm on a hook. The person dangling the bait wants to entice the target into taking action.

Example

A cybercriminal might leave a USB stick, loaded with malware, in a place where the target will see it. In addition, the criminal might label the device in a compelling way — “Confidential” or “Bonuses.” A target who takes the bait will pick up the device and plug it into a computer to see what’s on it. The malware will then automatically inject itself into the computer.

2. Phishing

Phishing is a well-known way to grab information from an unwitting victim. Despite its notoriety, it remains quite successful. The perpetrator typically sends an email or text to the target, seeking information that might help with a more significant crime.

Example

A fraudster might send emails that appear to come from a source trusted by the would-be victims. That source might be a bank, for instance, asking email recipients to click on a link to log in to their accounts. Those who click on the link, though, are taken to a fake website that, like the email, appears to be legitimate. If they log in at that fake site, they’re essentially handing over their login credentials and giving the crook access to their bank accounts.

[Image: phishing. Source: https://www.rmonnetworks.com]

In another form of phishing, known as spear phishing, the fraudster tries to target — or “spear” — a specific person. The criminal might track down the name and email of, say, a human resources person within a particular company. The criminal then sends that person an email that appears to come from a high-level company executive. Some recent cases involved an email request for employee W-2 data, which includes names, mailing addresses, and Social Security numbers. If the fraudster is successful, the victim will unwittingly hand over information that could be used to steal the identities of dozens or even thousands of people.

3. Email hacking and contact spamming

It’s in our nature to pay attention to messages from people we know. Some criminals try to take advantage of this by commandeering email accounts and spamming account contact lists.

Example

If your friend sent you an email with the subject, “Check out this site I found, it’s cool,” you might not think twice before opening it. By taking over someone’s email account, a fraudster can make those on the contact list believe they’re receiving email from someone they know. The primary objectives include spreading malware and tricking people out of their data.

4. Pretexting

Pretexting is the use of an interesting pretext — or ploy — to capture someone’s attention. Once the story hooks the person, the fraudster tries to trick the would-be victim into providing something of value.

Example

Let’s say you received an email, naming you as the beneficiary of a will. The email requests your personal information to prove you’re the actual beneficiary and to speed the transfer of your inheritance. Instead, you’re at risk of giving a con artist the ability not to add to your bank account, but to access and withdraw your funds.

5. Quid pro quo

This scam involves an exchange — I give you this, and you give me that. Fraudsters make the victim believe it’s a fair exchange, but that’s far from the case, as the cheat always comes out on top.

[Image source: https://www.kaspersky.com]

Example

A scammer may call a target, pretending to be an IT support technician. The victim might hand over the login credentials to their computer, thinking they’re receiving technical support in return. Instead, the scammer can now take control of the victim’s computer, loading it with malware or, perhaps, stealing personal information from the computer to commit identity theft.

6. Vishing

Vishing is the voice version of phishing. “V” stands for voice, but otherwise, the scam attempt is the same. The criminal uses the phone to trick a victim into handing over valuable information.

[Image source: https://www.terranovasecurity.com]

Example

A criminal might call an employee, posing as a co-worker. The criminal might prevail upon the victim to provide login credentials or other information that could be used to target the company or its employees.

Something else to keep in mind about social engineering attacks is that cybercriminals can take one of two approaches to their crimes. They often are satisfied by a one-off attack, known as hunting. But they can also think long-term, a method known as farming.

As the short form of attacks, hunting is when cybercriminals use phishing, baiting, and other types of social engineering to extract as much data as possible from the victim with as little interaction as possible.

Farming is when a cybercriminal seeks to form a relationship with their target. The attacker’s goal, then, is to string along the victim for as long as possible to extract as much data as possible.

5 tips to help you avoid being a social engineering victim

1. Consider the source

A found USB stick isn’t necessarily a good find. It could be loaded with malware, just waiting to infect a computer. And a text or email from your bank isn’t necessarily from your bank. Spoofing a trusted source is relatively easy. Don’t click on links or open attachments from suspicious sources — and in this day and age, you may want to consider all sources suspicious. No matter how legitimate that email appears, it’s safer to type a URL into your browser instead of clicking on a link.

2. Slow down

Social engineers often count on their targets to move quickly, without considering the possibility that a scammer may be behind the email, phone call, or face-to-face request on which they’re acting. If you stop to think about the ask and whether it makes sense or seems a bit fishy, you may be more likely to act in your own best interest — not the scammer’s.

3. If it sounds too odd to be true

Seriously, how likely is it that a Nigerian prince would reach out to you for your help? Or, on the flip side, that a relative is texting you to post bail while traveling? Investigate any requests for money, personal information, or any item of value before handing it over. There’s a pretty good chance it’s a scam — and even if it’s not, better to be safe than sorry.

4. Install antivirus software or a security suite

Install antivirus software or a security suite, such as Norton Security, and keep that software up to date. Also, make sure your computer and other devices are running the latest versions of their operating software. If possible, set the operating systems to update automatically. Having the latest versions of these software applications on your devices will help ensure they’re prepared for the most recent security threats.

5. Your email software can help you

Most email programs can help filter out junk mail, including scams. If you think yours isn’t doing enough, do a quick online search to find out how to change its settings. The goal is to set your spam filters to high to weed out as much junk mail as possible.

Conclusion

Social engineering is everywhere, online and offline. Your best defense against these kinds of attacks is to educate yourself so that you’re aware of the risks — and to stay alert.

© 2020 CybersecFill. All Rights Reserved.
