Social Engineering Attacks

Technology has made life much easier; however, it has also opened the door to new and more extensive forms of fraud. Every day, people lose valuable information to those who use technology to gain unauthorized access to it. Although businesses and some individuals try to invest in new technologies that will defend their information, technology advances every day and new vulnerabilities arise all the time. There is also an attacker who exploits weaknesses found in individuals. This attacker is known as a social engineer. Because social engineering involves a human element, security awareness training is essential for users of the system.

Social engineering is the process of manipulating individuals into providing sensitive information. It involves some form of psychological manipulation, fooling unsuspecting users into handing over confidential or sensitive information. It usually involves email or other communication that invokes fear, panic, and urgency, causing a victim to give out sensitive information, click a malicious link, or open a malicious file.

Attacks

  • Phishing involves sending emails as though from a reputable company so as to induce individuals to reveal personal information, such as passwords.
  • Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found and used by a victim.
  • Scareware involves tricking the victim into thinking that his/her computer is infected with malware or that he/she has inadvertently downloaded illegal content. The attacker then offers a solution to the problem, but in reality, the victim will be downloading malware.
  • WannaCry Ransomware attacked more than 230 000 computers running Windows in more than 150 countries, including South Africa, in May 2017. It is believed to be a virus which blocks access to files until a payment is made to the person who unleashed it. Researchers suspect it of using tools stolen from the US Government's National Security Agency (NSA). Although Microsoft updated Windows, computer users should still not click on or download files from any untrusted source.

Recommendations

  • Do not open any emails from untrusted sources.
  • Do not give offers from strangers the benefit of the doubt.
  • Lock your laptop whenever you are away from your workstation.
  • Purchase anti-virus software.
  • Read, understand and follow your company’s privacy policy.

The weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows, or if you have guard dogs, alarm systems, floodlights, fences with barbed wire, and armed security personnel: if you trust the person at the door and let him/her in without first checking their legitimacy, you are completely exposed to the risk presented. Security is everyone’s main priority and right; therefore, user awareness training is needed to reduce social engineering attacks.