The ultimate guide to avoiding social engineering
“Social engineering” is manipulating people online by exploiting their natural, human vulnerability to get them to divulge sensitive or confidential information and then using it for fraudulent purposes. It is a preferred practice of cyber-fraudsters, the pirates of the internet, and it’s happening more and more often.
According to Cobalt Labs Inc., a leading cybersecurity company, in 2021 there were over 2,200 successful cyberattacks each day, which breaks down to nearly one cyberattack every 39 seconds. 95% of attacks include a social engineering element.
It is likely you've been the target of a social engineering attempt, if not an actual breach of your computer.
Here are five common types of online social engineering fraud:
- The catfish (i.e. romance scams)
Catfishing is one of the most common and repugnant forms of social engineering. The cyber-fraudsters create fake social media profiles by using someone else’s photos, videos, and personal information. These fake identities are then used to spark a romantic relationship, often via dating websites, and then to manipulate the victim into sending money. Victims have been known to give hundreds of thousands of dollars to their fraudulent online lovers.
- Unwanted tech support
Tech support swindles will often slip under your radar, with attackers alarming you by telling you that there is something wrong with your device or that you need an upgrade. As a result, you are fooled into paying to fix technical issues you don’t have or into giving up your personal details. You could even be fooled into letting the fraudster take over your computer.
- Clickbait
Clickbait is the practice of manipulating you into clicking website links with tempting headlines. Cybercriminals often send enticing advertisements related to games, movies, or other websites. Victims are tricked into thinking that these advertisements are legitimate, and clicking these links installs executable commands or malware on their system.
- Fake emails from trusted people
Another social engineering attack involves cyber-fraudsters posing as someone you know. Having hacked your friend’s contact list, the crook can send legitimate-looking emails to you. Victims are usually tricked into thinking that a trusted person is in need, and so send financial details or even money to the offender.
- Phishing
The most common form of social engineering attack is phishing. With phishing, the fraudster sends an email intended to manipulate you into clicking a malicious link or attachment, or into divulging personal information. These emails, and the malicious links within them, are deceptive! They are designed to look exactly like they come from a legitimate company, like your bank or credit card company. According to Firewall Times, the most impersonated website is Facebook, and Amazon is the most impersonated in emails.
How to protect yourself from social engineering
Your own wits are your first defense against social engineering fraud. Simply slowing down and approaching all online interactions with skepticism will stop most social engineering attacks. Additionally, consider the following:
- Use strong, unique passwords for every relationship. Using a password manager removes the pain and complexity of doing this. These are widely available; Dashlane, LastPass, and OnePass are great products you can explore. Now you only need to remember the password for the password manager, which should be two-factor protected. Click here for our guide to creating strong passwords.
- If it sounds too good to be true, delete it! You have not just won or inherited a huge sum out of the blue. And no, sadly, that Nigerian prince or princess doesn’t want to marry you.
- If you can’t meet them, delete them. Be wary of any online-only contacts or people who don’t want to connect by phone or video or in person.
- Do not click any link you did not request. If the sender is unfamiliar, delete the email.
- Do not share personal information online! Most legitimate organizations like your bank will never ask.
- If you receive an email from a company you don’t recognize, and there’s no button or link to unsubscribe, mark it as spam. Your computer will delete it and block further attempts to reach you.
- Use two-factor authentication when offered. If you must give personal information, such as for a new insurance policy, only do so if the company offers two-factor authentication. This is when you enter your username and password, and a code is sent to you by text message, which you must enter to complete the connection.
All of this may seem like a big hassle, but it’s far smaller and easier to manage than an actual attack. At the very least, remain vigilant and skeptical of bright red flags, such as the person you’re messaging not wanting to schedule a video call or someone who has a suspicious interest in your banking information. If you still need to be convinced of the severity of this issue, and are looking for your next TV binge, you might check out “Catfish: The TV Show.”