Social engineering is yet another method criminals use to get the information they need to steal from people and businesses. Also known as ‘human hacking’, this form of scam is relatively easy to carry out.
So what is social engineering and how can you protect yourself or your business? When you see some examples in action, it’ll be easier for you to spot any human hackers that do cross your path.
What is social engineering?
Social engineering is a manipulation technique where scammers trick people into giving up confidential information such as their passwords or bank details. This is a cybercrime that doesn’t require the criminal to find ways to hack software, so no coding or detailed tech knowledge is needed. Instead, they rely on exploiting an individual’s natural inclinations and lack of awareness to get what they want.
Social engineering attacks can take place in person or online and are one of many social media threats you should be aware of.
Human hackers usually have a couple of goals in mind:
- Sabotage: To cause harm by accessing and corrupting data.
- Theft: To access a person’s money or personal information.
Social engineering examples
Social engineering attacks are successful because criminals emotionally manipulate victims into doing something they wouldn’t usually do. They’re master persuaders, and they’ll play on emotions such as fear, excitement, guilt and curiosity to mislead victims.
Social engineers often use urgency, tricking victims into thinking a certain reward or offer is time-sensitive in order to override their usual critical thinking. They’ll also build a good amount of trust, often by researching the victim and determining the best approach to take.
Attacks can take place on a range of platforms, but here are some key social engineering examples to look out for.
1. Social engineering and social media
Hackers may use social media to find their victims. (If you watched The Tinder Swindler, you’ll have an idea of how a seasoned manipulator carries out social media engineering attacks.)
Since the majority of people openly share sensitive information on their social media accounts, it’s the perfect environment for a human hacker. Criminals can use the information that’s openly shared online (even down to where someone ate lunch on a work trip) to access company data. They’ll often impersonate high-level figures, such as a CEO or company solicitor, to build a relationship and establish trust with their target.
With enough trust in place, they can then manipulate the employee into sharing sensitive company data.
2. Baiting attacks
In a baiting attack, scammers dangle a false promise – like bait – to lure victims into a trap. Often, the trap is a dangerous attachment that steals financial/personal information and potentially infects the victim’s computer with malware.
3. Phishing attacks
By posing as a trusted organisation or individual, scammers carry out phishing attacks via SMS, phone or email to acquire sensitive information. This information could be anything from passwords to credit card details, and these attacks work because they instil a sense of fear or urgency into the victim.
4. Emails from someone you trust
Sometimes, social engineering hacking comes in the form of an email from a friend or another trusted source. Hackers know most people won’t doubt their friends, so they often hack an individual’s email credentials and use that account to reach out to people in their contact list. These emails are likely to contain a link or attachment that, when clicked, downloads malicious software onto the victim’s system.
Social engineers may also pose as a well-known, trusted business to persuade victims to download dangerous files. According to a 2018 report by Webroot, financial institutions are the most commonly impersonated type of company.
How to protect your business
As a business, your employees could be a target of a social engineering attack. And, when employees have access to company information, that could put your business at risk.
The best way to stay protected is to educate employees about the dangers of social engineering, along with details about phishing, baiting, etc. Ensure all members of staff follow these guidelines to minimise their risk of falling prey to an online scam:
- Don’t give out personal information, financial information or log-in details to anyone, under any circumstances.
- Set spam settings to high to avoid malicious emails slipping through the cracks.
- Install and regularly update anti-virus software and firewalls.
- Avoid giving in to urgency tactics. Take the time to review offers before responding.
- Don’t click links in an email; use search engines or the company website to land where you want to go.
- If you receive an attachment or link from someone you know, double-check it’s them before clicking anything.
Protect your brand from social media engineering and other forms of social engineering with FraudWatch’s brand protection services. Contact us online.