What is Social Engineering and How are you Affected?

Only a few pieces of your publicly available information can leave you vulnerable to cyber attacks.

Imagine this situation where hackers could use a few of your personal details in your online chat with them and ultimately access your account through an online customer service rep of your telecommunications company.

In a series of online chats, the hackers would obtain your email address, date of birth, credit card last four digits, account number, and many other account details.

The hackers would then use this information to convince one of the telecommunications company reps to help them execute a SIM swap – they could deactivate your original SIM card and create a new one which they can use in their phone. Armed with the new SIM card – which was linked to your account – they would be able to access most of your account’s details.

Even a two-factor authentication process – a security step that alerts you when someone tries to access your account – could not stop the hackers. Through the SIM swap, they could divert those alerts into their phone, effectively bypassing the two-factor authentication barrier.

You would only become aware of the hack when your phone stops working. By the time you log into your accounts, most of them would have been emptied.

This is an example of a common social engineering fraud that happens through the phone, email, text or online chat windows.

What’s Social Engineering?

Social engineering is a tactic used by cyber criminals to get users to reveal confidential information. The criminals use that information to access systems and to execute activities that are detrimental to the organisation or person whose confidential data they have access to.

This practice exploits human psychology rather than technical hacking techniques. The cyber criminals tap into the trust that users innocently provide those who often pretend to be a customer, colleague, friend, service provider, employee, or boss.

The criminals, under the guise of protecting or checking users’ data, demand confidential information which they use to steal their victims’ money, identity, etc.

How does social engineering work?

Social engineering is one of the most used and most effective means of cyber-attacks. It works by targeting the most vulnerable part of a security chain — the users.

Users are typically targeted in the following ways:

1. By phone/online chat windows/email — criminals pretend to be employees of an organisation, say an ISP, or a bank, and after asking the expected questions to gain your trust, they demand sensitive information like passwords and credentials.
2. The most common type of social engineering fraud that happens online is phishing. Through phishing, criminals trick their victims into exposing their personal information by making the victims believe they are on a secure and trusted site.
3. Criminals also often use files attached to emails from people you know and correspond with to launch cyber-attacks. The fraudsters first attack a user’s address book with malware and then send emails with their file attachments to the user’s contacts.

How to protect yourself from social engineering?

Being aware of how social engineering works is the most effective way of protecting yourself and your company from social engineering fraud. There are more articles about social engineering tactics and security awareness training available in our getNEXT blog.

At getNEXT we are committed to helping our customers safeguard their IT integrity and ensure their business continuity, focusing on business outcomes, not technology solutions alone. Get in touch today to see how we can help your business.