Social engineering is the act of tricking people to give up confidential information for the purpose of fraud, unwarranted system access, or information accumulation. Many online criminals are shifting their efforts from hacking to social engineering since exploiting someone’s natural inclination to offer assistance is easier than hacking the software directly. The following list contains the three most common strategies characteristic of social engineering attacks.
- Online Phishing
With online phishing, an attacker sends an online message to a victim that appears to come from a trusted institution. The message may explain that there has been some issue that can be resolved if the victim clicks a verification link or inputs personal information. It may also claim that you are a “winner” of some prize, and that you need only input your information to claim your prize. These messages often ask victims to input information immediately before an impending deadline in order to encourage the victim to act without thinking.
- Phone Phishing
An attacker calls a victim using an interactive voice response (IVR) system pretending to be a banker or some other kind of institution representative. The victim is then asked to divulge personal information. The phone phisher then uses this information to access personal accounts.
On a peer-to-peer website, an attacker offers a link to download or purchase, for example, new music or an online item. When the victim clicks this “bait,” not only does the victim not receive what was offered, but malicious software is transferred to the victim’s computer. This software creates new security issues for the victim and the victim’s contacts.
Due to the growing popularity of social engineering, you must now be more vigilant online. If a message conveys a sense of urgency, you should review the message carefully, as this is a common trait among phishing emails. Do not click links presented in emails if possible. Instead, find the website yourself using a search engine. If you choose to go to the link directly from an email, as a safety check, investigate the link by hovering over it with your cursor before clicking. In addition, you should always call banks and other financial institutions directly. Finally, you should never reply to emails asking for personal information.
At CapLinked, your security is our priority. To see how we keep your information safe, check out our security page.