Protect yourself from Social Engineering

Article written by: Ahana Roy

Article designed by: Ahana Roy & Palak Tiwari

You might be wondering what exactly social engineering is… Is it a brand new type of engineering in the tech industry that you can find a career in? No.

Social engineering is a form of manipulation -- through various tactics, an attacker will trick you into believing you are at risk or by gaining your trust and then actually putting you at risk. (Imperva). After getting into your head, your attacker will steal your information and use it maliciously.

Let’s talk about how social engineering works and how you can take steps to prevent yourself from becoming a victim of social engineering.

How it works

Social engineering works in a cycle

(https://www.imperva.com/learn/application-security/social-engineering-attack/)

These online manipulators do their research on victims first. They find any information possible on the victims, both online and in person, and then determine what the best method of attack would be, depending on the victim (RangeForce).

Next, they take action. There are many different methods these attackers can employ: Phishing - attackers pretending to be a trusted organization or individual and stealing information, baiting - attacks that prey on the victim’s interests and end up with them installing malware or giving up sensitive information, scareware - software that makes fake pop ups show up on the victim’s computer screen making them believe their device is compromised and turn to a suspicious platform to get rid of it, identity theft - taking on the identity of someone trusted to the user and gaining information through their trust, and dozens more (IT Governance). 

This is the stage where preparations for their chosen method go on. For phishing, they might send out links via email or text. For scareware, they might send you corrupted files. For identity theft, they might impersonate a colleague or friend. Sometimes they use combinations of multiple methods to set up the perfect trap.

Then, they actually harm the victim. Their methods include stealing sensitive information, compromising bank or social media accounts, identity theft, blackmail, and hundreds of other ways that can put people at risk. Once it gets to this stage, it might take time, money, and outside intervention to get back your accounts.

[Will draw image for this section]

Protect yourself!

Now that you know what social engineering is, the next step is learning how to protect yourself against these manipulative attacks.

Here are a few simple ways to protect yourself:

1. Don’t open unknown links from e-mails or text messages. Make sure to double-check that the email is from a real organization, and on text messages, if a friend of yours is messaging you in a manner that sounds different and sends links or software to download, don’t trust it.

2. Don’t download any software from untrusted websites. Many unsecure sites and people may share files that are corrupted with malware, and once it's injected into your device, it won’t be easy to get rid of.

3. When a colleague or friend, no matter how well you know them, seems even the slightest bit strange on a social media or work platform, text their number asking if it is them texting you. This ensures safety even when a hacker compromises the accounts of trusted ones.

4. Don’t plug in unknown USB drives into your computer as they can be at risk of containing malware or scareware. Only use secure, safe USB drives that you know will not harm you.

5. Don’t fall for traps; Research any deals, job offers, etc. that seem fake. Most of the time, they will not be real and are only there to harm you.

Stay Safe!

The internet is great, but there are many people on there who aren’t… Be wary, be careful, and stay safe on the vast internet.