Social Engineering
Examples and Prevention Tips
Introduction
Social engineering is the art of manipulating people so they give up confidential information. The types
of information these criminals are seeking can vary, but when individuals are targeted the criminals
are usually trying to trick you into giving them your passwords or bank information, or into giving them
access to your computer so they can secretly install malicious software that will hand over your
passwords and bank information as well as control over your computer.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination
to trust than it is to discover ways to hack your software. For example, it is much easier to fool
someone into giving you their password than it is for you to try hacking their password (unless the
password is really weak).
Security is all about knowing who and what to trust. It is important to know when and when not to take
a person at their word and when the person you are communicating with is who they say they are. The
same is true of online interactions and website usage: when do you trust that the website you are
using is legitimate or is safe to provide your information?
What Does a Social Engineering Attack Look Like?
Email from a friend
If a criminal manages to hack or socially engineer one person’s email password, they have access to
that person’s contact list, and because most people use one password everywhere, they probably
have access to that person’s social networking contacts as well.
Once the criminal has that email account under their control, they send emails to all the person’s
contacts or leave messages on all their friends’ social pages, and possibly on the pages of the
person’s friends’ friends.
Taking advantage of your trust and curiosity, these messages will:
1) Contain a link that you just have to check out. Because the link comes from a friend
and you’re curious, you’ll trust the link and click, and be infected with malware so the
criminal can take over your machine, collect your contacts’ information, and deceive them just
as you were deceived.
2) Contain a download of pictures, music, a movie, a document, etc., that has malicious
software embedded. If you download it, which you are likely to do since you think it is from
your friend, you become infected. Now the criminal has access to your machine, email
account, social network accounts and contacts, and the attack spreads to everyone you
know. And on, and on.
Email from another trusted source
Phishing attacks are a subset of social engineering strategy that imitate a trusted source and
concoct a seemingly logical scenario for handing over login credentials or other sensitive personal
data.
Using a compelling story or pretext, these messages may:
Urgently ask for your help. Your ‘friend’ is stuck in country X, has been robbed, beaten,
and is in the hospital. They need you to send money so they can get home and they tell you
how to send the money to the criminal.
Use phishing attempts with a legitimate-seeming background. Typically, a phisher
sends an e-mail, IM, comment, or text message that appears to come from a legitimate,
popular company, bank, school, or institution.
Ask you to donate to their charitable fundraiser, or some other cause. Likely with
instructions on how to send the money to the criminal. Preying on kindness and generosity,
these phishers ask for aid or support for whatever disaster, political campaign, or charity is
momentarily top-of-mind.
Present a problem that requires you to "verify" your information by clicking on the
displayed link and providing information in their form. The link location may look very
legitimate with all the right logos, and content (in fact, the criminals may have copied the
exact format and content of the legitimate site). Because everything looks legitimate, you
trust the email and the phony site and provide whatever information the crook is asking for.
These types of phishing scams often include a warning of what will happen if you fail to act
soon because criminals know that if they can get you to act before you think, you’re more
likely to fall for their phishing attempt.
Notify you that you’re a ‘winner.’ Maybe the email claims to be from a lottery, or a dead
relative, or says you are the millionth person to click on their site, etc. In order to give you your
‘winnings’ you have to provide your bank routing information so they know how to send it to you,
or give your address and phone number so they can send the prize, and you may also be
asked to prove who you are, often by providing your social security number. These are the
‘greed phishes’ where, even if the story pretext is thin, people want what is offered and fall for
it by giving away their information, then having their bank account emptied and identity
stolen.
Pose as a boss or coworker. It may ask for an update on an important, proprietary project
your company is currently working on, for payment information pertaining to a company
credit card, or some other inquiry masquerading as day-to-day business.
Tips to Remember:
Slow down. Spammers want you to act first and think later. If the message conveys a sense
of urgency or uses high-pressure sales tactics, be skeptical; never let their urgency influence
your careful review.
Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is
from a company you use, do your own research. Use a search engine to go to the real
company’s site, or a phone directory to find their phone number.
Don’t let a link be in control of where you land. Stay in control by finding the website
yourself using a search engine to be sure you land where you intend to land. Hovering over
links in email will show the actual URL at the bottom, but a good fake can still steer you
wrong.
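As an added example (not from the original article), the following Python script automates the hover check described above on an HTML email body: it extracts each link, compares the host the visible text shows with the host the href really points to, flags the user@host trick that hides the true destination behind a familiar name, and reports any host outside an assumed allow-list. The bank.example hosts and the sample email are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Hosts the recipient actually deals with (an assumed allow-list for this example).
TRUSTED_HOSTS = {"bank.example"}
URLISH = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/?#].*)?$", re.I)  # text that looks like a URL/domain

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def real_host(url):
    """Host the browser would actually connect to; any 'user@' prefix is ignored."""
    return (urlsplit(url).hostname or "").lower()

def check_links(html):
    """Return (href, visible_text, reason) for each link that deserves suspicion."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = real_host(href)
        m = URLISH.match(text)
        shown = m.group(1).lower() if m else ""  # host the reader *thinks* they see
        if "@" in urlsplit(href).netloc:
            findings.append((href, text, f"user@host trick; real host is {host}"))
        elif shown and shown != host and not host.endswith("." + shown):
            findings.append((href, text, f"text shows {shown} but link goes to {host}"))
        elif host and not any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS):
            findings.append((href, text, f"{host} is not a trusted host"))
    return findings

# Constructed sample email: a lookalike domain, a user@host trick, and one genuine link.
SAMPLE_EMAIL = """<p>Your account is locked. Verify within 24 hours:
<a href="https://bank.example.verify-now.test/login">https://www.bank.example/verify</a>
or <a href="http://www.bank.example@203.0.113.9/x">log in here</a>.
Questions? <a href="https://www.bank.example/help">Help center</a></p>"""
```

Running check_links(SAMPLE_EMAIL) reports the first two links and leaves the genuine help link alone.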
Email hijacking is rampant. Hackers, spammers, and social engineers routinely take over
control of people’s email accounts (and other communication accounts). Once they control an
email account, they prey on the trust of the person’s contacts. Even when the sender appears to
be someone you know, if you aren’t expecting an email with a link or attachment, check with
your friend before opening links or downloading.
Beware of any download. Unless you know the sender personally AND are expecting a file from
them, downloading anything is a mistake.
Foreign offers are fake. If you receive an email from a foreign lottery or sweepstakes, about
money from an unknown relative, or requesting that you transfer funds from a foreign country for a
share of the money, it is guaranteed to be a scam.
Ways to Protect:
Delete any request for financial information or passwords. If you get asked to reply to a
message with personal information, it’s a scam.
Reject requests for help or offers of help. Legitimate companies and organizations do not
contact you out of the blue to provide help. If you did not specifically request assistance from the
sender, consider any offer to ‘help’ restore credit scores, refinance a home, answer your question,
etc., a scam. Similarly, if you receive a request for help from a charity or organization that
you do not have a relationship with, delete it. To give, seek out reputable charitable
organizations on your own to avoid falling for a scam.
Set your spam filters to high. Every email program has spam filters. To find yours, look at
your settings options and set these to high; just remember to check your spam folder
periodically to see if legitimate email has been accidentally trapped there. You can also
find a step-by-step guide to setting your spam filters by searching on the name of your
email provider plus the phrase ‘spam filters’.
Secure your computing devices. Install anti-virus software, firewalls, and email filters, and keep
them up to date. Set your operating system to update automatically, and if your smartphone
doesn’t update automatically, update it manually whenever you receive a notice to do
so. Use an anti-phishing tool offered by your web browser or a third party to alert you to risks.