Beware Social Engineering Attacks/ April 25th, 2016
Many people think there is little they can do to protect themselves from some mysterious hacker thousands of miles away.
In reality, the vast majority of the security breaches are a result of people not looking at that odd email, not protecting their passwords or being too casual about a request that just doesn't make sense.
Social engineering is an attack that relies on human interaction and often involves tricking people into breaking normal security procedures. Many social engineering exploits simply rely on people's willingness to be helpful.
Popular types of social engineering attacks include:
- Baiting: Baiting is when an attacker leaves physical device, such as a USB flash drive in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing a virus.
- Phishing: Phishing is when someone sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
- Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
- Scareware: Scareware involves tricking the victim into thinking his computer is infected with malware. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.
The best way to protect yourself from these types of attacks is to be aware of who is contacting you via email or phone and being extra alert to things that just don't make sense.