“Thou shall not steal.” Deuteronomy 5:19
Social engineering is the art of manipulating people into giving up confidential information, such as passwords or bank details, or into granting access to their computers so that malicious software can be installed covertly. That software hands the attacker your passwords and bank information and gives them control over your computer.
TYPES OF SOCIAL ENGINEERING ATTACKS
• Baiting: This is when an attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found. The finder picks up the device and plugs it into his or her computer, unintentionally installing the malware.
• Banking Link Scam: Hackers send you an email with a phony link to your bank, tricking you into entering your bank ID and password.
• Spear Phishing: Spear phishing is like phishing, but tailored for a specific individual or organization.
• Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
• Scareware: Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker’s malware.
WAYS OF PREVENTING SOCIAL ENGINEERING
1. NEVER provide confidential information and credentials via email, chat messenger, phone or in person to unknown or suspicious sources.
2. If you receive an email with a link to an unknown site, AVOID the instinct to click it immediately, even if it seems to have been sent from one of your contacts. Look at the URL to see whether it appears suspicious. Often the email will seem to have arrived from one of your contacts, but if you check the sender’s email address you will see that it is not legitimate. REMEMBER: if it looks fishy, it probably is!
3. BEFORE clicking on links, both in emails and on websites, keep an eye out for misspellings, @ signs and suspicious sub-domains.
4. NEVER use USB devices whose owner you are not sure of.
5. Ensure you attend the regular ICT Security Awareness sessions conducted by your organisation’s cyber security unit.
6. USE multiple control mechanisms, such as 2-factor authentication, to log in to all your accounts in order to make it more difficult for hackers.
7. Always keep watch for downloads you did not initiate or that start automatically. They could be malware piggybacking onto your system. All such activity should be reported IMMEDIATELY to your organisation’s cyber security unit.
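Points 2 and 3 above describe what to look for in a link before clicking it: an @ sign, a misspelled domain, and a trusted brand name hidden in the sub-domain of an unrelated site. The script below is an added example, not part of the original article, that turns those three checks into code a security unit could run over links extracted from incoming mail. The trusted-domain list (`mybank.example`, `intranet.example`) and all sample URLs are constructed for illustration, and the "registrable domain" is approximated as the last two host labels because no Public Suffix List is assumed to be available.

```python
"""Heuristic phishing-link inspector (added example, not from the original article).

Implements the three checks from the prevention list: '@' signs in the URL,
lookalike (misspelled) domains, and a trusted brand name appearing as a
sub-domain of an unrelated domain. Domain names below are constructed.
"""
from urllib.parse import urlsplit

# Constructed allow-list of domains the organisation really uses (hypothetical).
TRUSTED_DOMAINS = {"mybank.example", "intranet.example"}


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels of the host.

    Assumption: no Public Suffix List is available, so two-level suffixes such
    as 'co.uk' are not handled; a production tool should consult the PSL.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (Wagner-Fischer), used to spot one- or two-letter typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def inspect_url(url: str, trusted=frozenset(TRUSTED_DOMAINS)) -> list:
    """Return a list of human-readable warnings; an empty list means no heuristic fired."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # Check 1: '@' in the authority part. Everything before '@' is userinfo,
    # so the browser connects to the host after it, not to the name the user sees.
    if "@" in parts.netloc:
        warnings.append(f"'@' in URL: the browser will connect to {host!r}, "
                        f"not to the text shown before the '@'")
    if not host:
        warnings.append("no host name could be parsed from the URL")
        return warnings

    reg = registrable_domain(host)
    if reg in trusted:
        return warnings          # genuine domain; any '@' warning is still reported

    sub_labels = host.split(".")[:-2]   # everything left of the registrable domain
    for good in sorted(trusted):
        brand = good.split(".")[0]
        # Check 2: trusted brand used as (part of) a sub-domain of someone else's domain,
        # e.g. mybank.example.login-verify.example
        if any(brand in label for label in sub_labels):
            warnings.append(f"sub-domain impersonates {good!r}; the real domain is {reg!r}")
        # Check 3: lookalike domain within two edits of a trusted one, e.g. mybamk.example
        if 0 < edit_distance(reg, good) <= 2:
            warnings.append(f"{reg!r} looks like a misspelling of {good!r}")
    return warnings


if __name__ == "__main__":
    # Constructed sample links of the kind found in phishing mail.
    samples = [
        "https://secure.mybank.example/login",
        "https://mybank.example@evil.example/login",
        "https://mybank.example.login-verify.example/",
        "https://mybamk.example/login",
    ]
    for link in samples:
        found = inspect_url(link)
        print(link, "->", "OK" if not found else "; ".join(found))
```

A clean result from this script is not proof that a link is safe; it only catches the three tricks the article names. Run it at the mail gateway or in a link-rewriting proxy and treat any warning as a reason to report the message to the cyber security unit rather than click.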