{"id":2085,"date":"2021-12-14T01:27:23","date_gmt":"2021-12-14T09:27:23","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=2085"},"modified":"2023-09-27T06:21:30","modified_gmt":"2023-09-27T13:21:30","slug":"social-engineering-and-how-to-protect-yourself","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/social-engineering-and-how-to-protect-yourself\/","title":{"rendered":"Social engineering and how to protect&nbsp;yourself"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/SSL_BLog_Social-engineering.png\" alt=\"\" class=\"wp-image-2026\"\/><\/figure>\n\n\n\n<p>By now, it probably seems like you know all about how to protect yourself online. You\u2019ve downloaded the antiviruses, implemented the firewalls, your password is uncrackable, and you reckon you could spot a phisher a mile off. But do you know how to <a href=\"https:\/\/www.ssls.com\/blog\/7-tips-for-securing-your-email-server\/\">protect<\/a> yourself from social engineering?<br><\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Social engineering is different from other kinds of hacking attempts because it tends to be more personal and, as a result, harder to spot if you\u2019re not prepared for it. 
Because social engineering cases are on the rise \u2014 <a href=\"https:\/\/www.slashnext.com\/blog\/social-engineering-threats-rose-270-in-2021-indicating-a-shift-to-multi-channel-phishing-attacks-as-apps-and-browsers-move-to-the-cloud\/\">with threats increasing by 270% in 2021<\/a> \u2014 it\u2019s crucial that everyone knows how to prevent themselves from becoming a victim.&nbsp;<br><\/p>\n\n\n\n<p>Read on to learn more about social engineering and how to protect yourself.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is social engineering?<\/h2>\n\n\n\n<p>Social engineering encompasses a broad range of malicious activities that typically involve human manipulation in an online setting (though sometimes in real life, too). The malicious actors want something from the victim, such as access to their online accounts or the accounts of the company they work for, often for data theft, financial gain, entry to critical resources, or to cause general disruption.&nbsp;<br><\/p>\n\n\n\n<p>Before an attack, the perpetrator generally investigates the background and online profile of the victim so that they can use this information to pretend to be a person or entity that the victim knows. Once they have enough information, they\u2019ll approach the victim somehow, for example, via email or a messaging app where they pretend to be a friend or another trusted source. They might send a link or an attachment, request information, or perhaps ask the victim to donate to their charity event. Sometimes the message has a note of urgency to encourage the victim to act without thinking, with perpetrators posing as a friend in trouble who needs money immediately or informing them that they\u2019ve won a cash prize but only have a limited time to claim it. The victim, none the wiser, will often comply with their \u201cfriend\u2019s\u201d request without even thinking twice.&nbsp;<br><\/p>\n\n\n\n<p>This is a very general overview of how a social engineering attack can play out. 
In the next section, we\u2019ll discuss the common types of social engineering attacks so that you know what to look out for.&nbsp;<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Common examples of social engineering<\/h2>\n\n\n\n<p>There are myriad forms of social engineering attacks, but here are the 4 most common.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Phishing<\/h3>\n\n\n\n<p>Phishing is one of the most common forms of social engineering, and you\u2019ve likely encountered a phishing scam or two in your inbox over the years. Phishing scams usually target large groups of users, most often pretending to be a known company. These emails will lure victims to a fake but convincing landing page under false pretenses and encourage them to log in or enter personal details, which the perpetrators will use for nefarious purposes.<br><\/p>\n\n\n\n<p><a href=\"https:\/\/www.ssls.com\/blog\/the-growing-threat-of-phishing-sites-with-ssls\/\">Read more about phishing and how to protect yourself in this blog post<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Spear phishing<\/h3>\n\n\n\n<p>Spear phishing is similar to phishing, but targets specific users and convinces them to hand over information with more personalized emails. These kinds of emails often target more high-profile victims such as company executives or CEOs, but not always. Common examples include emails impersonating IT professionals at a company and requesting that employees change their passwords via a malicious link, or impersonating vendors that companies work with and sending fake invoices with large payments attached.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pretexting<\/h3>\n\n\n\n<p>This is a type of spear phishing attack that requires the most effort, with the scammer researching the victim before contacting them and impersonating a trusted source, such as a representative from a vendor or company they work with, or even a fellow employee. 
A famous example of pretexting occurred in 2020 when <a href=\"https:\/\/blog.twitter.com\/en_us\/topics\/company\/2020\/an-update-on-our-security-incident\">hackers managed to take over<\/a> high-profile Twitter accounts, like those of Bill Gates and Barack Obama. The perpetrators did this by targeting, over the phone, Twitter employees who had access to Twitter\u2019s internal support tools.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Scareware<\/h3>\n\n\n\n<p>This type of social engineering convinces the victim that their computer has been infected. It might come in the form of a pop-up or email that asks the user to call a number for a bogus customer care hotline that will likely scam them out of money or get them to download some kind of malware. Often the pop-up or email convincingly impersonates the look of an antivirus or service the victim uses, so they think it\u2019s real.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to protect yourself<\/h2>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Be critical of every message you receive<\/strong><\/li><\/ol>\n\n\n\n<p>Some of this is common sense stuff you already know, and things we mentioned previously in our phishing blog. Don\u2019t open links or email attachments from unknown sources or those claiming to be from companies you know. Double-check on the official site to make sure it\u2019s legit.<br><\/p>\n\n\n\n<p>If you receive a message from a colleague on another application outside your usual work communications, treat it with suspicion, especially if they\u2019re asking for sensitive information or passwords or sending you any links or attachments. Tell them to contact you via official channels and alert your IT department if they refuse. 
Better to proceed with caution than put your job on the line.<br><\/p>\n\n\n\n<p>If you get a call from someone claiming to be from your bank or Internet provider asking you to give them sensitive information or to make changes to your computer, hang up immediately and contact them through official channels.&nbsp;<br><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Watch your digital footprint<\/strong><\/li><\/ol>\n\n\n\n<p>Unless you\u2019re a social media influencer, you probably don\u2019t need to share all that much information about yourself online. All kinds of information from your interests to your relationships can potentially be used to manipulate you, so be cautious about what is public. Even if you are in the public eye, be very careful about divulging information about where you work and your location. On sites like Facebook and LinkedIn, be sure to hide your contacts and friends so that potential malicious actors don\u2019t have access to them. Google your name to find out what information can be found publicly and see what you can hide.&nbsp;<br><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Make sure your online accounts are secure<\/strong><\/li><\/ol>\n\n\n\n<p>This means using strong passwords and never reusing them. By having a unique password for each site you\u2019re ensuring that if one account is compromised, the malicious actor won\u2019t have access to the rest. The easiest way to lock all your accounts with strong, unique passwords is by using a password manager.<br><\/p>\n\n\n\n<p>A good way of ensuring your accounts aren\u2019t compromised even if your password is stolen is implementing 2FA (two-factor authentication) when possible. 
If the hacker needs access to another device to get into your account, then just having your password won\u2019t be enough.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Familiarize yourself with social engineering trends<\/strong><\/li><\/ol>\n\n\n\n<p>Hackers are constantly coming up with new techniques to scam people, particularly as more and more everyday services move online. Keeping up to date with how these scams play out is a surefire way to ensure that you know the signs and don\u2019t become a victim.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>It\u2019s an unfortunate reality that as our world becomes more digital, malicious actors come up with more new and clever ways to trick people into handing over sensitive data and cash. Although social engineering can take many forms, getting scammed doesn\u2019t have to be an inevitability. Keeping yourself educated, minimizing your digital footprint, and <a href=\"https:\/\/www.ssls.com\/blog\/7-tips-for-securing-your-email-server\/\">securing<\/a> your online accounts can go a long way to staying safe online. <br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By now, it probably seems like you know all about how to protect yourself online. You\u2019ve downloaded the antiviruses, implemented the firewalls, your password is uncrackable, and you reckon you could spot a phisher a mile off. 
But do you know how to protect yourself from social engineering?<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2085","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2085","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=2085"}],"version-history":[{"count":8,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2085\/revisions"}],"predecessor-version":[{"id":2627,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2085\/revisions\/2627"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=2085"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=2085"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=2085"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}