Triskele Labs Blog

What is social engineering? Common attack techniques to watch out for and prevention methods

Written by Nick Morgan | Aug 13, 2019 10:59:00 AM

Despite the fact that cybersecurity is both at its most developed stage, yielding powerful tools and software, it is also at its most vulnerable. In this kind of environment, the question, ‘what is social engineering?’, has never been more topical.

Given that even the most robust security plans and systems can be waylaid if you’re tricked into providing sensitive information, it’s important to understand how these types of attacks work. It’s equally crucial that you find out how you can prevent social engineering from taking place. 

Discover both in our latest blog post.

WHAT IS SOCIAL ENGINEERING?

Social engineering refers to when individuals are manipulated to provide confidential information including credit card details and login information so that hackers can steal data for nefarious purposes or take control of an individual’s computer. 

Social engineering is usually a highly successful effort for malicious individuals and organisations.

According to CyberEdge, the number of successful attacks in 2017 was 79% - an increase from 62% in 2014.

SOCIAL ENGINEERING ATTACK TECHNIQUES

Following up on the all-important ‘what is social engineering?’ question, the attack techniques used as a part of this cybersecurity threat is what we’re asked about the most. Here are some common attack techniques:

Baiting

Here, an individual is tricked into downloading a malware-infected application or into clicking a banner or ad that redirects them to a malicious site. Baiting also includes the scenario where an infected hard drive or flash drive is connected to your computer and hackers gain control through malware installations. 

Scareware

Scareware is a type of digital extortion where individuals are misled into believing they’re vulnerable to or are the victims of cybersecurity attacks. They are then prompted to install software they believe will protect them, which later turns out to be malware. 

A fine example of this is the hard-to-ignore popups that say your PC is infected with a virus or spyware. While these popups will provide instructions or offer to redirect you to a site that will rid you of this supposed virus or spyware, make sure you don’t click them.

Pretexting

This kind of social engineering attack is where a hacker coaxes sensitive information from you through a series of lies. 

Here, hackers will impersonate several characters, from the police to co-workers or tax officials to try and obtain your personal information. They will try to confirm your identity and ask you many questions, attempting to get you to part with your social security number, address, phone number, bank records and other sensitive data. 

Phishing

In this type of attack, potential victims are sent emails or texts that create a sense of danger and urgency, prompting them to visit dummy sites and enter their credentials, sending it to the hands of malicious attackers. 

Spear phishing, is a more targeted attack where specific individuals and organisations are chosen. Messaging is personalised to a very high level to mask suspicious requests and activity. This, for example, involves a hacker impersonating a company's IT consultant and asking employees to change their passwords or take fake security measures that ultimately undermine a company’s cybersecurity.

HOW CAN SOCIAL ENGINEERING BE PREVENTED?

Don’t open emails or attachments from unfamiliar sources

If something feels off about an email or attachment, the best course of action is to mark spam and delete. If the email in question appears to be from someone from your organisation, but contains suspicious instructions, check with that person if they’ve sent you this specific email. 

Use 2-factor authentication wherever possible

2-factor or multifactor authentication can seem like quite the chore, but it’s highly useful in preventing hackers from accessing your data. Whether you choose OTP or a security question, make sure you have safeguards in place to protect your information.

Stay away from offers that seem too good to be true 

Online offers can be very sketchy and if you’re not careful, you may end up yielding a host of private information and computer access that can prove to be both damaging and dangerous. 

Update your antivirus software frequently 

One of the easiest ways to ensure that you don’t fall prey to social engineering is to keep your antivirus/antimalware software up-to-date. Make sure you check for updates frequently and ensure that your cybersecurity systems and mechanisms are enabled at all times.

DEFEND YOURSELF AGAINST SOCIAL ENGINEERING WITH A COMPREHENSIVE CYBERSECURITY COVER

We started this post with the question ‘what is social engineering?’. Now that you know the answer, it’s high time that you start taking preventative action against these kinds of cybersecurity threats.

If you’re unsure of how to proceed or require a complete strategy to protect your business, our team at Triskele Labs is equipped to provide you with what you need