On this week’s One Minute Wednesday, Melanie Nunn will be giving an overview of social engineering tactics. Cybercriminals commonly use social engineering schemes to manipulate their targets into giving up sensitive information. And since these attacks can come from a variety of angles, it’s important for you to identify the features of a social engineering attack so you can protect yourself.
Social Engineering: What It Is and How to Avoid It
Stories about cybersecurity breaches are reported almost daily in the media. But today’s cybercriminals are not like the stereotypical hackers you see in the movies, furiously typing out lines of code in front of a computer. Cybercriminals are now using social engineering schemes to trick unsuspecting people into giving up sensitive information.
The tricky thing about social engineering strategies is that they can come in a variety of forms. For example, social engineers often embed malware in fake documents, ads, or links in order to trick a user into clicking them. Another approach is to send an email, make a phone call, or create a pop-up asking for a user to divulge financial data, social security numbers, or other sensitive information.
Overall, social engineering attacks take advantage of a user’s trust in the security of their email, cell phone, or browser. Here are some steps you can take to spot and avoid social engineering scams:
- Stay alert when it comes to unsolicited emails, pop-ups, calls, or texts. It’s easy to forge any of these things to look like they’re coming from legitimate senders, so don’t trust an email or a phone call just because it appears to come from a trusted source.
- Remain cautious with phone calls, emails, and messages that ask you for personal and sensitive information. If you are asked for information like this, consider hanging up or deleting the email and then contacting the sender directly.
- Never download or open attachments from an unfamiliar sender.
- Never give out your usernames or passwords. And speaking of passwords, make sure each account has a unique password. If you have trouble remembering a bunch of distinct passwords, try using a password management tool like LastPass.
The objective of social engineering is to prevent you from realizing you were attacked until it is too late. It is increasingly common for victims to give up confidential information without knowing anything went wrong until weeks later, after money was stolen or systems were compromised. Knowing the warning signs for social engineering scams can help you stay on your guard.
Join us next week for another episode of One-Minute Wednesday!