Types of Social Engineering Attacks & Countermeasures

Ashwani Kumar
6 min read · Sep 5, 2021

We need to understand the various types of this attack, because it is performed on ordinary people. A single mistake can lead to a great loss, whether financial, emotional or otherwise.

1. Psychological Attacks

These are mostly technical attacks carried out over the internet through various means. The hacker plays with your mind, gets you to enter sensitive information, and in this way takes all your data.

a). Bank Fraud: This is the easiest way for a hacker to win your trust. Out of fear of losing money, people immediately give their credentials over a call or by email. Don’t forget that no bank asks for your personal details over the phone or by email. If it seems urgent, visit the bank in person and check the situation.

2. Phishing Attacks

These are the most common of all the attacks we are discussing. To acquire your sensitive information, hackers target you via fake websites, emails, ads, fake PayPal pages, free offers, etc.

a). Spear Phishing: A customised attack on a specific employee or company.

b). Whaling: A specialised type of spear phishing in which an employee in a senior position is targeted.

c). Vishing: Also called voice phishing; victims are targeted via a phone call (over VoIP).

d). Pretexting: The hacker wins your trust by inventing a convincing scenario and then asks you for your private information. It may be an offer of a job, where you are asked to fill private information into a form for the company. Another scenario is the news that you have won a lottery and must give your bank details so the money can be transferred.

e). Spoofing: The hacker sends you an email message imitating a person you trust, so that you think it is a genuine message. For example, an employee gets an email from his boss (actually the hacker) asking for credentials because he wants to see some important records immediately.

3. Physical Attacks

In this type of attack the hacker is physically present around you while hacking you.

a). Dumpster Diving: The hacker searches through the trash for sensitive information, such as sticky notes on which an old or new password was written, or employee details from a telephone directory, and more like this.

b). Shoulder Surfing: The hacker tries to see your password over your shoulder when you log in.

c). Staff Impersonation: The hacker claims to be a trusted employee of the company and asks for your information for an emergency login. They may threaten to block your account or to get you fired from the company. Playing with your emotions is no big deal for them.

Countermeasures

-> Think before you click

The most likely way for a hacker to get into your system is through a link or URL sent to you by email, social media, etc. These links look legitimate and raise no suspicion in your mind. The link actually delivers malware or a virus through which all your data can be sent to the hacker. It is activated when you click on it, and it may take you to a website that looks like the original one while malware such as a trojan horse runs in the background. Now the question is how to know whether a link is safe or not; follow these steps for your answer:

1. Open www.virustotal.com

2. Paste the URL or link under the URL tab.

3. Check the results and verify.

-> Research the sources

Always be careful with unsolicited messages. Check the domains in the links to see if they are real, and check whether the person sending you the email is an actual member of the organization. Use a search engine, go to the company’s website, and check their phone directory. These are all simple, easy ways to avoid being spoofed. Hovering your cursor over a link before you click on it reveals the real link at the bottom of the window, and is another way to make sure you are being sent to the correct company’s website.

-> Email Spoofing

As you know, a hacker needs to reach out to you if he wants to hack you, and email is the best way to do that. He will take any trusted email address that is spoofable and send mail under the trusted person’s name. So let’s look at how to check whether an email is genuine or not.

1. Call the sender if possible and verify whether he sent the email and whether it contains any file, link, or other attachment.

2. Always read the email header before opening the whole message and clicking on anything.

3. Check sender authentication by hovering over the sender’s photo; if a question mark is shown, the user might not be the legitimate sender.
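Step 2 says to read the header before trusting the message. The added example below, which is not part of the original post, shows what to look for in a raw header block: a display name that hides a different real address, a Return-Path or Reply-To on another domain than the From address, and the Authentication-Results line your mail server adds with the SPF, DKIM and DMARC verdicts. Both sample messages are constructed; the domains and addresses in them are placeholders.

```python
"""Inspect sender-related headers of a raw email for signs of spoofing.
Added example; SPOOFED_RAW and LEGIT_RAW are constructed messages."""
import email
import re
from email import policy
from email.utils import parseaddr


def _domain(addr: str) -> str:
    """Domain part of an address, lower-cased ('' if there is none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_headers(raw: str) -> list:
    """Return human-readable warnings about the sender headers of `raw`."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    from_dom = _domain(from_addr)

    # 1. Display name carries an address that is not the real sender address.
    if "@" in from_name and _domain(from_name) != from_dom:
        warnings.append(f"display name '{from_name}' hides real sender {from_addr}")
    # 2. Envelope sender (Return-Path) is on a different domain than From.
    if return_path and _domain(return_path) != from_dom:
        warnings.append(f"Return-Path domain {_domain(return_path)} != From domain {from_dom}")
    # 3. Replies are silently routed to a different domain.
    if reply_to and _domain(reply_to) != from_dom:
        warnings.append(f"Reply-To {reply_to} differs from From {from_addr}")
    # 4. Authentication-Results (added by the receiving server) lacks passes.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        verdict = m.group(1).lower() if m else "absent"
        if verdict != "pass":
            warnings.append(f"{mech} did not pass ({verdict})")
    return warnings


# Constructed spoof: forged display name, foreign Return-Path and Reply-To,
# and the receiving server's Authentication-Results reporting failures.
SPOOFED_RAW = """Return-Path: <bounce@bulk-sender.example.org>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk-sender.example.org; dkim=none; dmarc=fail header.from=mail-relay.example.net
From: "ceo@example.com" <notify@mail-relay.example.net>
Reply-To: ceo.office@example.org
To: employee@example.com
Subject: URGENT: send me the Q3 records
Date: Sun, 05 Sep 2021 10:00:00 +0000
Message-ID: <constructed-1@mail-relay.example.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

I need the records immediately, reply with your login so I can pull them.
"""

# Constructed legitimate message from the same organisation.
LEGIT_RAW = """Return-Path: <ceo@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: CEO Name <ceo@example.com>
To: employee@example.com
Subject: Q3 records
Date: Sun, 05 Sep 2021 11:00:00 +0000
Message-ID: <constructed-2@example.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Please bring the Q3 records to the 2pm meeting.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_RAW), ("legit", LEGIT_RAW)):
        print(label, check_headers(raw) or ["no warnings"])
```

Save a suspicious message with "Show original" (or your client's equivalent) and pass the text to `check_headers()`; several warnings together are a strong reason to phone the sender, as step 1 advises, rather than reply.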

-> Don’t download until 100% sure

From the email you get an idea of whether it should contain a file to download. But still, for security reasons, ask the sender over the phone whether he sent an attachment, or agree with the sender in advance to write a keyword like URGENT in the subject whenever something needs to be downloaded.

-> Don’t believe in offers and prizes easily

Offers and prizes are used as bait to lure you into a trap. A hacker leaves a pen drive in a coffee shop; you pick it up because it is free, plug it straight into your computer, and lose everything. Cheap online offers make you spend money and give you nothing in return. Recent cases of mobile phone scams have been seen on social media handles that promise a smartphone for 5000 which actually costs 35000. Don’t get fooled by them.

-> Don’t send your personal information

For your information, no company wants your private information sent over email or social media. If someone asks for it, give the least information possible, even information you have already shared publicly. Don’t share passwords even over a call, no matter how important it seems. If someone in your company needs data urgently, go to your company in person and check the whole situation instead.

-> Set your spam filters to high

Your email software has spam filters. Check them and set them to high to stop risky and spoofed emails from flooding your inbox.

In Gmail: Settings > Filters and blocked addresses > Create filter.

-> Secure your device

Use a VPN, a firewall, and whatever other security measures you can afford for your devices. Never hesitate to spend money on security. Today security is more important than buying branded stuff.

-> Be aware of the risks

Try to stay updated on what is going on in the market. You should know a little about new malware and about which apps or software have been updated, and check for updates on your device too. Always double or triple check the risk. Make sure your antivirus is updated and working properly.

-> Don’t respond to any messages, especially from an international number.

“If it’s too good to be true, it’s probably a fraud.”


Ashwani Kumar

Cyber Security Researcher, Research Intern @ISAC, India, Former Intern at Gurugram Cyber Cell.