Social engineering attacks

28.04.2020


With how connected the Internet is today, a lot of information that we can't afford to share is potentially within the grasp of the most inventive malicious predators online. One of the ways they get at it is malware. With malware on your machine, you could unknowingly hand over your bank information, or information that you've forgotten you're storing on your hard drive could be found, and you could end up having to endure major financial losses or worse. Watching what you download is prudent, but it demands too much attention. Sooner or later, you will find yourself vulnerable to installing malware without malware analysis tools. These include tools for reporting on Windows PE files, Linux rootkit detectors, static analysis frameworks, file identifiers, pattern matching tools for analysts, and programs designed to determine types of files. If you want to know how to get rid of malware, these tools will greatly improve your chances of doing so. However, you are well advised to act in advance: prevent such files from being installed in the first place, and avoid visiting any site that has already been scanned and identified as a malware website.

Social Engineering Techniques

Social engineering has become one of the most popular and successful ways for malicious persons to compromise the personal information of private companies and individuals and exploit it. Social engineering is the art of what three things exactly? Phishing, pretexting, and baiting. In phishing, an employee receives an official-looking command or request, seemingly from a senior colleague or a reputable organization like NASA, that involves providing personal information or downloading malware. The request for information may come from someone posing as an upper manager in a paper company who is asking for a customer list, while the malware download may come from an email claiming that the recipient missed a voicemail. What they end up downloading turns out to be malware rather than the voicemail. Other social engineering methods involve fake LinkedIn invitations, which people mistakenly enter their passwords into, and fake IRS forms, which people enter their social security numbers into. An example of baiting is when free stuff is offered, including free programs or content downloadable through links. One of the ways that malicious people find social media accounts, including accounts that publicly post a lot of personal information that could help them guess passwords, is social media search engines.


How to Avoid Social Engineering Scams

One of the first steps you can take is to make the information on your social media accounts more private so that no stranger can view it. Don't include in your profile the name of your old school, your hometown, or other words that are part of your password. Two-step authentication is a big help as well. Most effective of all, of course, is raising awareness and conducting drills regularly with employees, in addition to establishing policy that prevents these problems from happening.
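One way to enforce the advice about passwords and public profile details when a password is set, as an added example that is not part of the original post. The profile fields, the substitution table and the four-character minimum are assumptions made for illustration.

```python
import re
import unicodedata

# Common character substitutions undone before comparing (constructed table).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample of what a stranger could read on a public profile.
PROFILE = {"school": "Lincoln High School", "hometown": "Springfield",
           "pet": "Rex", "birth_year": "1998"}


def normalize(text):
    """Lowercase, strip accents, undo simple substitutions, drop separators."""
    ascii_text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", ascii_text.lower().translate(SUBSTITUTIONS))


def profile_tokens(profile, min_len=4):
    """Map normalized token -> original word for every profile value and its parts."""
    tokens = {}
    for value in profile.values():
        for part in re.split(r"\W+", value) + [value]:
            norm = normalize(part)
            # Very short tokens are skipped: they match too many unrelated passwords.
            if len(norm) >= min_len:
                tokens[norm] = part
    return tokens


def leaked_words(password, profile, min_len=4):
    """Return the profile words that appear inside the password, sorted."""
    candidate = normalize(password)
    found = {word for norm, word in profile_tokens(profile, min_len).items()
             if norm in candidate}
    return sorted(found)


if __name__ == "__main__":
    for pw in ("Spr1ngf!eld#98", "L1nc0ln-1998", "correct horse battery staple"):
        hits = leaked_words(pw, PROFILE)
        print(f"{pw!r}: {'reject, contains ' + ', '.join(hits) if hits else 'ok'}")
```

A check like this complements two-step authentication; it does not replace a breached-password or length check.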

