Social engineering is the art of deceiving people in an effort to steal information, data, or money. It is about tricking someone into giving out confidential information or doing something they don’t want to do. Socially engineered threats are harder to protect against because they target an individual and not a system. Social engineering is successful because of the way information is shared.
These scenarios are popular and surprisingly successful.
- Breaking news. Buzz-worthy events are quickly manipulated and shared. Natural disasters, celebrated holidays, popular sporting events and product/service launches will all capture the inquiring mind. Within minutes of a hurricane or just before the Super Bowl, we can expect to find a hard-to-resist video or photo.
- Popular celebrity headlines. Celebrity news draws the most interest of any kind of news. As a rule, the more unbelievable the headline, the more readers want to read it. These handcrafted, malicious articles are shared, inviting in curious fans and followers.
- Helpful apps. Because they implicitly trust their social media platform, most people hesitate less before opening links to a special feature or app-download site. Posts promoting new social media features for a limited amount of time are actually laden with malicious code.
- Fear as a motivator. Urgent notifications regarding your computer security or financial safety demand immediate action. The solution is advertised as a simple action such as viewing an attachment, buying an application or making an online payment.
The most effective way to protect against social engineering is to stay informed. Become educated on what to watch out for, what to avoid, and what to be cautious of.
- Bookmark trusted sites. Trust should be earned – especially for new sites. Links that look like a site you are familiar with should still be avoided. Instead of following the link, navigate to your bookmark and complete your research there.
- Suspicion is best. As a default, never trust a link. Before opening it, always investigate further. This is especially true when it accompanies a message full of promises. Promises that seem too good to be true are too good to be true.
- Don’t be intimidated. Those using social engineering to gain information will often rely on the element of surprise to scare you into doing something or revealing information. Such messages are always best ignored or researched elsewhere. In either case, no immediate action should be taken.
- Keep software current. Check to make sure you are using the most current anti-virus, anti-malware, and browser updates. Out-of-date software will not be able to protect against recent security threats.
- Utilize security features. Social media platforms and email providers have built-in security features. Explore them and put them to use. Some sites may even provide information on the latest threats and tips to help you safely navigate through their pages.