Most attacks on the internet require some type of human intervention, such as a click on a phishing email or the oversharing of sensitive details through a text message.
Network and email security have become much more sophisticated over the last decade, which has led to hackers relying even more on human intervention to facilitate a malware infection or data breach.
An IBM study found that human error was responsible for approximately 95% of data breaches.
The method of tricking humans into taking a specific action is called social engineering. This is when psychological manipulation is used to get a person to do something, such as divulging sensitive information, opening a malicious file attachment, or inputting login credentials into a spoofed sign-in form.
Social engineering is used across several different mediums. One of these is phishing emails, which are responsible for delivering 65% of all ransomware attacks.
Where is social engineering used?
· Phishing emails
· Social media
· Apps with direct messaging
· Text/SMS (“smishing”)
· Phone (“vishing”)
· In person
Basically, any point of contact that a scammer can make with you can become a medium for using social engineering to trick you into doing something.
Being aware of the common tactics used in social engineering scams can help you spot them and avoid falling for the con.
Here are several surefire ways to identify a potential scam.
Whether someone is trying to trick you through a phishing email or a direct message on LinkedIn, urgency is a common ploy used in social engineering attacks.
You may get an email that says, “Update your email address now or your account will be shut down in 24 hours!” Or someone on social media who makes a request for money may say they are in “dire circumstances” and need the cash immediately.
The goal is to play upon a person’s fear of not wanting to miss the deadline and to get them to make a snap decision before having time to think about it.
Another ploy of social engineering is to offer assistance that you never asked for. For example, you may see a popup that states your computer needs a virus scan because malicious code has been detected. Or someone you’ve just friended on social media may offer assistance with a computer issue to get you to divulge sensitive information like your login password to a cloud account.
This tactic is used to gain trust from the victim due to an offer of “help.” It can also be used in a longer con to make the victim feel they owe the perpetrator because of their past assistance with something.
We share an awful lot on social media, more than we even realize. This makes it easy for a new friend request to gain a way in. They simply strike up a conversation about a hobby that matches yours, or about a band that you like and that they claim to like as well.
This is a way of gaining trust before they begin seeking something else from you. For example, once someone befriends you on social media and you’ve had a few DM conversations, you’re more likely to click a link they send you in a message.
Beware of the fast friend whom you don’t know but who seems to know everything about you and what you like.
Emails are by far the biggest conduit for social engineering and they come in all different forms. But one common thread in many of these phishing attacks is that they use emotion to get you to take an action.
Here are a few examples:
“We have a large order we’d like to place with your company, it’s in the attached Excel file.” This type of email counts on excitement for a new order, and a person opening the attachment without thinking.
“You’ve failed to renew your subscription and the account will be closed if you don’t take action now.” This type of email, sent about an account that you know is paid, attempts to stir up fear that you could lose important data and may get in trouble for some type of mistake.
The fake order email. Getting an order email that looks like it’s from Amazon or another retailer can stir up instant anger and confusion. You may wonder if your card has been charged for an order you didn’t make and click the link without thinking.
Get Help Spotting Social Engineering with eMailAde!
eMailAde has an intelligent algorithm designed to spot and mark dangerous social engineering attacks with a red alert for users.
You can download eMailAde Outlook for Windows right now and try it free for 30 days (no credit card required). It’s fast to install and it can start protecting your business from phishing attacks within 5 minutes!