SOCIAL ENGINEERING. METHODS AND KEYS TO AVOID BEING A VICTIM

Jennifer Betts

Social Engineering has already become one of the most common attacks and attempted scam methods on the Internet.

It relies on tricks and deception that exploit both the characteristics of the digital environment and the weaknesses of the human mind: through identity theft, the attacker sets up situations that invite the victim to share information or hand over control of personal or corporate accounts.

Would you like to know more about this type of attack? Here we explain in detail what Social Engineering is in computing and cybersecurity.

SCAM METHODS USING SOCIAL ENGINEERING

Social Engineering methods are as varied as the creativity of the attacker and the characteristics of the place where the encounter between victim and criminal takes place.

Although the tactics to complete the scam are infinite, we can group them around the following main methods:

SOLUTION AND HELP

This method imitates some type of support or customer service: the attacker makes us believe that we are talking to a specialist who will fix a problem they already know about.

The threat occurs when we provide access to our accounts to the attacker, who will ask us for a username and password or some type of information related to our passwords.

FALSE PROFESSIONAL CONTACT

It is a type of cyberattack in which social engineering is introduced into the activity of a company. To do this, the attacker will impersonate one of the employees or departments.

In this case, identity theft can come from two types of false identities:

The attacker poses as a complete stranger who supposedly works with us. In this case, the attack can be effective and very damaging, but it is easy to detect with the cybersecurity tools the company has in place.

The second option is much more dangerous: the scammer manages to impersonate a known employee, especially one in a position of authority. The threat is then at its greatest, because the targeted employee's trust and the need to respond to a superior multiply the risk of opening a breach in the system.

SUPER BARGAIN OR OPPORTUNITY

This is one of the most common methods against private individuals.

The attacker publishes a spectacular offer on a sales or contact platform, trying to get many interested victims to contact them and ask about the product offered.

The purpose is to start a private conversation, usually through the messaging system built into the platform where the ad was posted.

The request for information, often in the form of proof of payment or shipping, will be justified by the need for some kind of advance on our part.

BLACKMAIL OR CLAIM

Someone on the other side will use Social Engineering techniques to make us believe that they are a person or company issuing a payment claim against us.

Through Phishing techniques, the attacker will make us believe that they hold confidential personal information about us, or that we must make some kind of payment to avoid greater penalties.

WHERE DO THESE TYPES OF ATTACKS OCCUR?

The Internet is generally a safe place if you know how to use it and know who to talk to and how.

But let’s not fool ourselves.

It is also a very impersonal medium and we cannot always establish patterns of trust with the person who is speaking to us.

If we take this into account, do you know where Social Engineering attacks happen?

E-MAIL

The attacker uses Phishing techniques to make us believe that the message comes from a person or company with the authority to write to us.

Today, email is still one of the most common attack channels, since it is a medium in which it is very easy to imitate the style of any other entity, including its way of writing and its corporate imagery.

SOCIAL NETWORKS

It is easy to create a new account on any social network and use that fake profile to write to another registered user.

The attacker relies on the social nature of the medium, where we assume that whoever is speaking to us is a real person.

Therefore, it is not surprising that the victim agrees to interact with the attacker without even suspecting it.

MARKETPLACES

Although this term may sound unfamiliar to you, you have surely used marketplaces on dozens of occasions.

Do you know Idealista, Coches.net, eBay, or Wallapop?

They are some of the many places where anyone can advertise their products or services.

Although these platforms undoubtedly take important actions to protect their users, it is impossible to control all social engineering attempts that take place within them.

HOW TO BE PREPARED AGAINST SOCIAL ENGINEERING ATTACKS

The first thing we can recommend to protect yourself against Social Engineering is the following:

ALWAYS BE SUSPICIOUS OF ANYONE YOU DON’T KNOW.

You can’t trust anyone on the Internet. Not even those you think you can trust (family, friends, coworkers…), because there could be someone impersonating them.

Still less should you agree to interact with, or place any trust in, someone you have never seen in real life or who cannot reliably prove their identity to you.

ESPECIALLY IF THEY WRITE POORLY

It may sound silly, but attackers typically come from foreign countries where a language different from yours is spoken. Therefore, their messages in Spanish may rely on the use of translators.

If you see incorrect verb conjugations or notice any strange words, do not continue that conversation.

On the other hand, if you are on a social network, check whether the person speaking to you has a verified badge.

You can also look at the number and type of contacts they have and whether the kind of posts they make is plausible.

NEVER SEND MONEY OR PASSWORDS

Never is never.

Do not even think about it.

Never.

A social engineer will try to disguise the scam while diverting the payment to a destination they control.

If you have to make some type of payment, rest assured that a real issuer will send you to its own website, to an account on its own payment platform, and never to a trusted corporate platform.

Similarly, with passwords: nowhere on the Internet will you be asked to hand over your password.

If the person really is a security or support technician, they already have the legal means to offer you real help.

USE THE OFFICIAL CHANNELS

If you need to contact a vendor or supplier, always do so through official channels.

Use their website, their app, or their verified social networks.

When you search the Internet to contact them, make sure that you reach the company’s own website and not that of a third party that has paid for an advertisement to appear in place of the one you are looking for.

NOBODY GIVES YOU SOMETHING FOR NOTHING

Don’t fall into the oldest trap on the Internet.

If someone has told you that you have won a giveaway that you did not participate in, it is a Social Engineering hoax.

If someone tells you they’re renting you a home for half the regular price, it’s a social engineering hoax.

If someone asks you to pay an advance on a product that you have not seen, they are also deceiving you.

Being reasonable with the prices of a product is one of the key points to defend against this type of attack.

Impossible bargains do not exist, not on the Internet either.