We’re in a time where everyone is connected online, and there’s ease of access to information. But, there are two major challenges; misinformation and the risk of cyber attacks. More than ever, there’s a rise in misinformation as there are too many contents published online with literally no means of vetting them. Some persons intentionally publish fake news and controversial content in a bid to get into the spotlight. And there are others that mastermind social engineering attacks in order to steal the data of internet users, commit fraud, impersonation, cyber stalking and even bullying to the point of cancellation and business loss.
Table of Contents
What is Social Engineering?
Imagine a magician who plays tricks on you making you doubt reality. Now, imagine if you receive a call from a lottery platform claiming you’ve won the lottery. Whether you play the lottery or not, it sounds too good to be true. In your excitement, the caller would ask for something sensitive like your bank details. They usually shrug this off as a harmless verification requirement. Some would even go as far as revealing some of your details just to let you trust them enough to reveal the remaining details. That’s what social engineering is; it’s a subtle manipulation of perceptions to believe what isn’t true.
With that said, social engineering attacks – especially online, are manipulative cyber attacks that trick people to reveal sensitive data. While it’s easy to detect some fraudulent attacks such as seeing an ad claiming you’ve won an iPhone, social engineering attacks are usually more subtle and psychological. Imagine receiving an email from your bank, and everything looks normal. Sometimes, all it takes to escape such an attack is a gut feeling despite everything else looking normal.
Phishing Attacks: The Most Popular Social Engineering Attack
There are different kinds of cyber attacks, but there’s none as popular and successful on a large scale as phishing attacks. Phishing attacks simply involve sending deceptive contents through emails, texts, ads, and even phone calls that look like they’re from legitimate sources. Popular formats include receiving emails or calls from banking service providers, recruitment firms, lottery platforms, and even from family members. Phishing attacks always appear urgent and the attacker often pretends to be caring in a bid to get victims to reveal sensitive data.
Generally, social engineering attacks like phishing result in stealing of data, emptying bank accounts, securing loans using a victim’s data, and outright impersonation for further crimes.
How to Protect Yourself from Social Engineering Attacks
While social engineering attacks can be really difficult to detect, there are steps you can take to protect yourself and your business:
- Trust No One: This may sound paranoid , but it’s the safest approach to accessing online content. Be wary of unsolicited emails, messages, or phone calls, especially those that create a sense of urgency or fear. If it’s too good to be true, then it’s likely false. And if it sounds too urgent or fearful, then it’s likely a trap. Panic often makes you act without thinking, and that’s what an attacker would be counting on.
Whenever you’re uncertain about a call or text, never reply with certainty. Rather than “yes” or “no”, respond with vague terms like “maybe”, as these could potentially throw off an attacker, and give you time to assess what’s happening.
- Verify the Sender: Unless you’re 100% sure of the sender of a content, always verify who sends anything to you. If a person claims to be from a family member, drop the call and verify with the said family member. If an email address looks genuine but the message is unexpected, confirm by reaching out to the sender through other channels. Sometimes, a trip to the bank is all you need to detect a
- Avoid Clicking on Suspicious Links: Never click on links or download attachments from unknown or suspicious sources. More importantly, never click on any unexpected links while using your business email or PC.
- Install a Strong Antivirus: Both your smartphone and PC should have a strong antivirus that can detect and quickly flag potential threats. While most PCs come with pre-installed antiviruses, you can improve your safety by installing other antiviruses e.g an antivirus for Mac, or an internet-security antivirus. Ad blockers are helpful against malicious ads.
- Use Strong and Unique Passwords: While you might want to use a single password for all your accounts online, it’s a risk. Always use strong and unique passwords for all your online accounts. If you’re afraid of forgetting the passwords, use an encrypted password manager to protect your accounts.
- Enable Two-Factor Authentication (2FA): Two-factor authentication adds an extra layer of security by requiring a second form of verification, such as a one-time code/password (OTP) sent to your phone. Remember, if you didn’t do anything requiring an OTP, never use or reveal such OTP.
Final Advice
When surfing the web, sometimes being paranoid about every single link or email is the best way to avoid getting scammed. As such, you should always have it in mind to verify everything you come across. After taking the basic steps in securing your smartphone and PC, having the mindset of verification first, will save you from the subtlest attacks. Of course, trust your gut if it senses something wrong.
As the world advances in technology and connectivity, you’ll get exposed to opportunities and threats alike. What matters is knowing how to identify and handle threats whenever they surface. Remember, if it’s too good to be true, then it’s likely false.
