Social engineering* is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Attacks can happen online, in person, and via other interactions.
Scams based on social engineering are built around how people think and act. As such, social engineering attacks are especially useful for manipulating a user’s behavior. Once an attacker understands what motivates a user’s actions, they can deceive and manipulate the user effectively.
In addition, hackers try to exploit a user’s lack of knowledge. Thanks to the speed of technology, many consumers and employees aren’t aware of certain threats like drive-by downloads. Users also may not realize the full value of personal data, like their phone number. As a result, many users are unsure how to best protect themselves and their information.
Generally, social engineering attackers have one of two goals:
- Sabotage: Disrupting or corrupting data to cause harm or inconvenience.
- Theft: Obtaining valuables like information, access, or money.
Social engineering includes phishing, pharming, smishing, impersonation, and many more tricks to get you to give up personal and confidential information.
5 tips to help you avoid being a social engineering victim**
- Consider the source. A found USB stick isn’t necessarily a good find. It could be loaded with malware, just waiting to infect a computer. And a text or email from your bank isn’t necessarily from your bank. Spoofing a trusted source is relatively easy. Don’t click on links or open attachments from suspicious sources — and in this day and age, you may want to consider all sources suspicious. No matter how legitimate that email appears, it’s safer to type a URL into your browser instead of clicking on a link.
- Slow down. Social engineers often count on their targets to move quickly, without considering the possibility that a scammer may be behind the email, phone call, or face-to-face request on which they’re acting. If you stop to think about the ask and whether it makes sense or seems a bit fishy, you may be more likely to act in your own best interest — not the scammer’s.
- If it sounds too odd to be true … Seriously, how likely is it that a Nigerian prince would reach out to you for your help? Or, on the flip side, that a relative is texting you to post bail while traveling? Investigate any requests for money, personal information, or any item of value before handing it over. There’s a pretty good chance it’s a scam — and even if it’s not, better to be safe than sorry.
- Install antivirus software or a security suite — such as Norton Security — and keep that software up to date. Also, make sure your computer and other devices are running the latest versions of their operating software. If possible, set the operating systems to update automatically. Having the latest versions of these software applications on your devices will help ensure they’re prepared for the most recent security threats.
- Your email software can help you. Most email programs can help filter out junk mail, including scams. If you think yours isn’t doing enough, do a quick online search to find out how to change its settings. The goal is to set your spam filters to high to weed out as much junk mail as possible.
*Kaspersky.com, “What is social engineering?”
**Norton.com, “What is social engineering? Tips to help avoid becoming a victim”