🎉 Welcome to our new Trend Micro Community! Explore the new look! Read More

what is social engineering in cybersecurity

 

 

Everyone still hopes to have a romantic fling by swiping right on seemingly perfect profiles on dating apps. We get so excited that we often forget about the dangers posed by social engineering attackers. These attackers deceive their targets by crafting believable stories that exploit their trust. They exploit the way people think to induce a sense of comfort and lower their defenses. Essentially, the attackers pretend to be someone trustworthy to gain access to sensitive information.

 

 

 

What is Social Engineering?

 

Social Engineering uses human interaction and manipulation to gain access to your sensitive private/personal information. Online crooks deceive users to get their hands on their money. 

 

Social Engineering encompasses a range of tricks used by cybercriminals to manipulate people into doing things they don't want to do, driven by the pursuit of profit.

 

Threat actors use social engineering to disguise themselves and their motives, often by acting as trusted individuals.

 

 

 

Ways to Identify a Social Engineering Attack

 

If you come across any of the following, note that they are major red flags, indicating that social engineering attackers are already at play.

  • Receiving unsolicited emails or text messages from someone you don’t know.
  • The message is supposedly very urgent.
  • The message requires you to click on a link or open an attachment.
  • The message contains many typos and grammatical errors.
  • Similarly, you receive a call from someone you don't know.
  • The caller tries to obtain personal information from you.
  • The caller is attempting to get you to download something.
  • The caller speaks with a great sense of urgency and/or aggression, similarly to the previous point.

 

 

Types of Social Engineering

 

Here are the key social engineering attacks to be aware of:

Phishing

Phishing uses email and text messaging to lure victims into clicking on malicious attachments or links to harmful websites.

 

Baiting

Baiting uses a false promise to tempt victims via greed or interest. For example, malicious attackers leave a malware-infected flash drive, or a bait, in a public place. A potential victim may be interested in its contents and insert it into their device, unwittingly installing malware.

 

Pretexting

Pretexting In this attack, one actor lies to another to gain access to data. For example, an attacker may pretend to need financial or personal data to confirm the identity of the recipient.

 

Scareware

Scareware involves victims being scared with false alarms and threats. Users might be deceived into thinking that their system is infected with malware. They, then, install the suggested software fix — but this software may be the malware itself, for example, a virus or spyware. Common examples are pop-up banners appearing in your browser, displaying text like “Your computer may be infected.” It will offer to install the fix or will direct you to a malicious website.

 

Spear phishing and whaling

Like phishing, the attack is specifically targeted at a particular individual or organization. Similarly, whaling attacks target high-profile employees, such as CEOs and directors.

 

Tailgating

Also known as piggybacking, tailgating is when an attacker walks into a secure building or office department by following someone with an access card. This attack presumes others will assume the attacker is allowed to be there.

 

 

 

What happens when you respond to a Social Engineering attempt? What should we do? Read more to learn what to do.

 



Trend Micro’s Antivirus One

 

Antivirus One offers live antivirus monitoring to protect your computer from viruses, adware, ransomware, spyware, and all other kinds of malware attacks. But best of all, you can get it for FREE! Its key features include:

  1. Fast and thorough scans in under a minute — and the power to eliminate anything malicious if found.
  2. Constant, real-time web threat protection as you browse.
  3. Data privacy sweeps — in which your personal data will be sought out and eliminated before leaked on dangerous websites.
 

 

If you found this article interesting or helpful, please share it with your friends and family to help keep the online community safe. Feel free to leave a like and comment as well.

Post a comment