Although the likes of the Central Bank of Nigeria, cybersecurity companies, and other institutions are playing aggressive roles in sensitizing Nigerians to the social engineering tactics adopted by cyber criminals, it is important to understand some of the sophisticated techniques of Social Engineering.
Social Engineering, in simple terms, means the use of deception to manipulate the psychology of an individual into divulging confidential or personal information that may be used for fraudulent purposes.
Social Engineering is not necessarily aimed only at defrauding someone; the purpose could be to manipulate someone into doing whatever the attacker wants the person to do.
If you have an online account, it's important to start watching for phishing attacks and other forms of social engineering. Even a close pal sitting next to you when you type in your password is a social engineer.
Some of these hackers or social engineers are so good at playing on their targets' emotions and psychology that it is difficult for the target to avoid being manipulated.
“We are also beginning to see a new breed of attackers who appear to be trained in psychology, and are using that in new and efficient ways to get people in organizations to help them circumvent security controls,” says Jenny Radcliffe, director and head of training and consultancy at Jenny Radcliffe Training.
“Attackers are no longer concerned with the technical controls, but instead get insiders to help by engaging with them and building trust relationships.”
These attackers are becoming more sophisticated, devising hard-to-detect tactics to circumvent security strategies.
Social Engineering comes in different techniques and operates over various media, depending on the tools used.
Baiting: Most people are likely to fall for this technique. Baiting is when a hacker infects, for instance, flash drives or USB sticks and scatters them in a public place where people gather, waiting for someone to pick one up and use it.
Another way to do this is to spread malicious links on the web and wait for people to click on them.
Pretexting: This looks very real in most cases. It is based on a scripted scenario presented to the targets and used to extract some information from them.
You may have experienced this; let me tell you how it works. Suppose an attacker hacks my email account, for instance, and starts sending emails to my contacts requesting money or any form of information, with the aim of defrauding them.
Vishing: This is a type of Social Engineering in which hackers clone the interactive voice response (IVR) system of a company.
The hackers might attach it to a toll-free telephone number and trick people into calling the number and entering their details. It is usually targeted at a large set of individuals.
The mistake we often make is that we don't think twice before entering our information into an IVR system.
Quid Pro Quo: This may look modernized, but it's a cyber crime. Quid pro quo is when something is exchanged with the target.
For instance, an attacker might claim to solve a particular problem for the target and then, in the process, money or a gift is exchanged in return for the information.
Phishing: This is the most prominent form of Social Engineering. The attacker creates a website or spoofs the website of a well-known company, creates a malicious link, and sends it to the targets. If the target clicks on the link, the target's personal information is compromised.
Defending Yourself Against Social Engineering
The fact is that you need to be alert when somebody requests your information or when someone you don't know gives you something for free.
The internet is not completely safe; that's why it's important to have security consciousness in you.
Even when you log in to your social media account, it's quite simple for someone close to you to start guessing your password; therefore, you need to be careful.
Organizations and companies are usually the targets; in this case, it behooves them to start drilling their employees in how to handle situations like Social Engineering.



