SOCIAL ENGINEERING ATTACK
What is a social engineering attack?
Social engineering is the use of deceptive tools and methods on the human mind in order to manipulate you into divulging confidential or personal information. Once obtained, this data is used for fraudulent purposes. Today in particular, social engineers attack users with online accounts via chat, email or phone calls. Phishing attacks are a form of social engineering.
Types of social engineering attacks
- spear phishing
- quid pro quo
For example, romance scams (via dating apps) caused $304 million in losses in 2020.
How to detect social engineering? Red flags.
Hackers will try to gain access to sensitive data via social engineering methods. Phishing schemes, ransomware, spyware and malware will be deployed in the second phase to perform a data breach. Cybercriminals will infiltrate your systems, upload malicious files, and access your sensitive data.
This justifies looking out for red flags and not ignoring symptoms. It is easier to social engineer and manipulate people than to hack technology and security systems, which are more complex. Clearly, the human element is the weak factor here. We are all subject to psychological manipulation, fear, a sense of urgency, etc.
Red flags are:
- unauthorized credit card transactions
- compromised business emails
- suspicious messages designed to attract your attention, make you curious
- emails with deceptive subject lines
- emails trying to gather information by creating a sense of urgency
- shortened URLs or embedded links that redirect victims to malicious domains
- unknown entities asking questions via instant messaging & social media
How to protect yourself from social engineering attacks?
Every one of your staff can be a potential target. Human operators are mostly the weakest security link. We can all be subject to some form of emotional manipulation. Hence, it makes sense to provide extensive staff training and testing, and to mitigate security breaches. Establish proper password security and implement two-factor authentication.
- people do succumb to password anxiety and fatigue
- abuse of trust or manipulation is common
- victims are conned into providing confidential data
Currently, the whole social media landscape is also fertile ground for setting up social engineering attacks, so you might want to re-think just connecting company accounts to any social media (market)place.
- be suspicious of unsolicited emails, instant messages or other messages
- do not give contact information in reply to a suspicious message
- apply a zero trust model to apps; don’t just assume that apps are safe
- don’t assume that all business communications are secure
- don’t share private information online
- use multi-factor authentication to secure access to your accounts
- learn to identify the symptoms of a social engineering attack
Social Engineering Investigation
In our forensic social media investigation, related to the issue of social engineering, we will go very deep into your company’s usage of social media and other digital channels.
- which elements are in effect compromised by the perpetrator?
- how, when, and by whom were things compromised?
- what malicious type of method did the attacker use?
- is there any forensic evidence to prove that there was a data exfiltration?
What could happen when a social engineering attack hits you?