Social Engineering - Playing with Mind Games
Have you ever gotten scammed? Even if you think you're too smart to fall for a scam, you may have fallen into the hands of such an act already. Let's learn the many ways to avoid this.
What is Social Engineering?
In information security, social engineering is formally defined as a form of scam that manipulates people into giving out their confidential information. The social engineers behind these acts will use any type of method, such as gaining trust or inducing stress, to convince you to commit a fraudulent action.
The 6 Types of Social Engineering
Phishing is the most common type of social engineering attack; it involves an engineer recreating the portal of a renowned company to make it seem legitimate. The link is then sent through emails or social media to unsuspecting victims. We wrote an entire article on this here.
2. Spear Phishing
Spear phishing is a branch of phishing where the attackers pay more attention to each victim's personal details, so that their emails/posts are customized to each victim's information. Thus, although more time-consuming, this results in a higher success rate.
Vishing is another branch of phishing, but on the phone. These attackers impersonate trusted companies' interactive voice systems and trick victims into providing their personal information for free.
Pretexting and catfishing are similar to phishing, but they use an attractive phrase as a pretext to catch someone's attention. Each is based on a system of trust: attackers will impersonate a friend or colleague and will come up with an entire scenario that seems real. Such an attacker is much more difficult to spot because of how much research and effort they put into the attack, but never be afraid to question them if they start asking for information or if something seems off.
Baiting originates from when attackers leave infected USB drives or optical disks at private places in hopes that a victim would pick them up and insert them into their personal computer. Modern applications include placing disguised links online in hopes that people would click them.
6. Quid pro quo
Quid pro quo involves the attacker presenting themselves as technical support after they purposely plant an error message or malfunction box. This places them in a bubble of trust that makes it easier for them to request personal information from victims who are less knowledgeable about scams.
Ways to Protect Yourself
Amid all of these methods of social engineering, what are some legitimate ways to protect yourself from them?
When you're in doubt, double check. If you receive a message, call, or email that you weren't expecting, double check the identity of the sender.
Watch for small mistakes. Reputable companies or individuals always practice professional behavior and mannerisms, even when online. If you spot frequent grammar mistakes or a lack of authority, you should be suspicious.
Practice safe internet browsing. Limit the times you visit sketchy websites that could potentially include viruses.
Triple check before sending a party sensitive information. Even when it seems that the party you're talking to is trustworthy, if they start asking for information, check again that they're legitimate. Remember, it could be a bait or a catfish attack!
Use a VPN. A VPN will help mask your identity and prevent these attackers from finding out your true identity, especially on public WiFi.