Social Engineering Targets People Rather than Computer Systems

February 9, 2016 | Views: 2411

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Today, social engineering attacks can happen through electronic means such as email, websites etc. and in person (the old-fashioned way).

 

In-Person Approaches

In-person social engineering attacks could include an attacker impersonating co-workers, police, financial authorities, insurance investigators etc. The social engineer might ask the target for important information, like passwords.

  1. “The finance manager asked that I pick up the audit reports. Will you please provide them?”
  2. “The Sales director has asked me for this (sensitive) information which is business critical and time is running out…”

DO NOT provide critical information immediately in such scenarios. Dig deeper, talk to your co-workers and managers (e.g.: finance manager or sales director) to discern whether these requests are legitimate.

 

Online Approaches

Online social engineering attacks (commonly known as phishing) use legitimate looking emails, websites or other electronic means. Phishing emails can resemble those coming from a trustworthy sites like eBay, PayPal, or a bank. They might contain links that looks like they go to the original website, and can send you to a fake website that’s made to look like the real website. When the victim logs in to the fake page, their information is stolen.

Ways to detect a phishing email:

  1. Link/email address manipulation: the sender email address or the website link will look like a valid one. Closely examine the email address for an incorrectly spelled company name or hover over the link in the email to see if it directs you to the right website.
  2. Bad grammar/bad punctuation in the email message.
  3. Use of outdated company logo.
  4. Most companies you do business with will address you by your name. Therefore they aren’t going to address you as “Dear customer/client”.
  5. Beware of urgent or threatening language in the subject line.

 

Be careful – it can be one of your best defenses!

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
8 Comments
  1. Good advice, especially the part about talking to the authorities directly; don’t let a potential scammer pressure you into providing sensitive information under the guise of a deadline. If they are legitimate they will certainly understand your need for verification.

    It would seem that as many scams are reported in the media on any given day, we the public would be more wary by now, yet the number (as well as the sophistication) of such acts seems to keep increasing. Thanks for a timely reminder!

  2. “Dig deeper”: in and of itself is some great and powerful advice.

  3. I’ve taken a psychology class before and you’d be fascinated how easy it is to dupe a person.

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

Is Linux Worth Learning in 2020?
Views: 335 / December 14, 2019
How do I Get MTA Certified?
Views: 927 / December 12, 2019
How much does your PAM software really cost?
Views: 1380 / December 10, 2019
How Do I Get into Android Development?
Views: 1758 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel