Cybercriminals have shifted their focus from email techniques to much more developed and targeted social engineering attacks carried out over social media.
Social engineering techniques give cybercriminals access to networks, systems or data by exploiting human psychology and curiosity rather than technical hacking techniques. Using a variety of methods, including phone calls and social media messaging, attackers trick people into giving them access to valuable personal or corporate information.
In this article, we cover the top 3 techniques used by cybercriminals so that you understand these methods, can stay vigilant, and can pass that knowledge on to your employees so they are more aware of their social activity.
Method 1: Phishing.
There is no more popular type of social engineering than phishing. Phishing is when hackers send fake emails disguised as legitimate ones (usually from a bank or another authority source like the Australian Tax Office, the "ATO") to get you either to share valuable information, such as credit card details, or to click on a malicious link that can infect your computer not only with malware and ransomware but also, as we have covered before, with crypto mining software.
There is a multitude of different phishing techniques, as phishing has been around for so long and has been heavily developed. Some are simple, poorly crafted and easily spotted. Others, however, look very sophisticated and can trick even the most experienced internet users.
For example, a few years ago a Snapchat employee gave up important information via email to a person who claimed to be the CEO of the company!
Method 2: Baiting.
If you are looking for a strong social engineering method that involves the least amount of human interaction, look no further than "baiting". Baiters may offer you things like a free music download, software downloads or movie downloads to exploit human curiosity. In other cases, hackers have used physical media, such as USB drives, to exploit human curiosity.
How does that work? A common and simple method is leaving an infected USB drive at a coffee shop, office building hall or similar place where there's a high chance someone will find it and be tech savvy enough to use it. As soon as it's plugged into your laptop and opened, boom, your device has malware installed. You probably saw one random file on the USB, deleted it and thought, "Awesome, I now have a free USB." The drive probably costs less than $10, with a great return for the hacker.
Method 3: Pretexting.
What is pretexting?
Pretexting attacks essentially rely on building trust with the target and usually require some background research and a credible story. A very popular method is for hackers to call a department within your business, claiming to be from another department. They then pretend that they are having an issue, an emergency, and that they need to get some information or access something quickly. The other person eventually gives in and provides the passwords or other required credentials, and they are in.
How can I protect myself, the team and the business?
Here are some simple, free ways:
- Never use the same password for different business accounts.
- Untrusted emails should be deleted straight away.
- If it seems suspicious it probably is.
- Get anti-virus software and a reliable virtual private network, such as NordVPN.
- Go to NationalPrivacyTest.org to understand how much you know about cybersecurity.
- Lock your laptop and smartphone when leaving your desk.
- Get an MSP to take care of your Cyber Security worries.