by Noeleen Silva, ICS 281 student at Kailua High School
Special to Ka ‘Ohana
With more Americans spending time online during the pandemic, it’s important to be aware of social engineering techniques, which manipulate victims into giving access to their private information, personal data or valuables. In cybercrime, these “human hacking” scams can also lure people into spreading malware infections or accidentally giving access to restricted systems.
Social engineering is one of the greatest security threats, whether online or in person, and is typically carried out without the victim knowing until it is too late. Baiting, phishing, pretexting and tailgating are some of the ways a victim may accidentally allow a cyber-criminal to wreak havoc on his or her life.
Baiting happens when attackers leave a malware-infected device, such as a USB drive, in a place where someone will likely find it. For example, a flash drive could be found at a coffee shop, restaurant or parking lot and a curious “finder” may try to see what is on it by plugging it into a computer. Once the USB is plugged in, the malware is automatically downloaded and allows the attacker to hack into the victim’s system. Hackers develop many different types of malware, so the amount of damage the USB can do depends on the attacker’s abilities and the information he or she is trying to obtain.
Phishing is another common form of social engineering. Phishing occurs when hackers attempt to obtain access to victims’ personal information by sending them fraudulent email messages that pose as a “trusted source.” In a phishing attack, the victim is tricked into installing malware or logging onto a website that looks very similar to the trusted source, which then gives the criminals the victim’s personal, financial or business information. Once attackers obtain this information, they may use it for financial gain themselves, or they may sell the information to other criminals or blackmail the victim.
Pretexting is a simpler form of social engineering. Pretexting happens when an attacker makes up false circumstances to push a victim into providing access to sensitive data or protected systems. A common example is when a scammer, contacting you by email or telephone, pretends to need financial data in order to confirm your identity. The victim may unknowingly give the scammer his or her information thinking it is a trusted business, but once access is given, the scammer will act quickly to take control of the victim’s account or system.
Tailgating is a complex and dangerous form of social engineering that is done face-to-face with the target. This technique is used when a criminal follows a person or an authorized staff member into a restricted access area such as an office building. The goal of tailgating is to find valuable confidential information and gain access to a private home or business. Tailgating could also happen when someone asks to borrow your smartphone and installs malware or steals data right under your nose.
Being aware of scams like these can help protect you against most social engineering attacks. There are a few simple ways to protect yourself from being a victim.
- Do not open emails or attachments from suspicious sources.
- Remember, if you do not know who sent the email, you are not obligated to answer the email.
- Always double check that you are using the genuine service provider’s website or telephone number.
- Be wary of tempting offers; as the saying goes, if an offer sounds too good to be true, it usually is.
- Looking up the topic can help you quickly determine whether you are dealing with a legitimate offer or a trap.
- Lastly, make sure your antivirus or antimalware software on all of your devices is updated. It is highly encouraged that you enable automatic updates or make it a habit to download the latest signatures.
Finding yourself a target of a scammer can be really scary, but understanding what the cyber criminals are capable of will help you steer clear of these common traps.