Social Engineering: Cybercrime Meets Human Hacking
According to a recent ISACA State of Security 2021 report, social engineering is the leading cause of compromises experienced by organizations. Findings from the Verizon 2021 Data Breach Investigations Report also point to social engineering as the most common data breach attack method.
Social engineering is a term used to describe the actions a cybercriminal takes to exploit human behavior in order to gain access to confidential information or infiltrate access to unauthorized systems and data.
What does social engineering look like?
Social engineering can take many forms. Some malicious actors might trick you into giving your password or financial information away. They may also try and convince you to provide remote access to your computer or mobile devices. Cybercriminals are looking for ways to gain your trust and take advantage of your curiosity by sending messaging that contains malicious links or downloads.
“One method of attack bad actors use quite frequently involves spoofing legitimate vendor support centers. Cybercriminals will pretend to represent these organizations by posting sponsored ads online or through promoted search results. They will offer assistance and sell expired or stolen products of the vendor they have impersonated. These cybercriminals prey on unsuspecting individuals who offer up their personal and financial information because they believe they are in contact with the real vendor,” says Tyler Moffitt, senior security analyst at Carbonite + Webroot, OpenText companies.
Some common social engineering tactics include:
- Impersonating someone. An urgent request from a ‘friend’ or person you may know is a common tactic used by bad actors to compromise your information by attempting to gain your trust.
- A legitimate-seeming request from a trusted source. A phisher may send an email, message or text that appears to be from a legitimate organization you interact with. According to the latest IDG report, phishing attacks are on the rise.
- Oversharing personal information online. Some cybercriminals will gather intel through social networking sites like Twitter or Instagram and use that information to spoof various services or places you visit.
“Oversharing personal information online is especially dangerous for public figures or prominent employees. Cybercriminals conduct research online through a user’s social media channels to determine where a person visits and what activities a person participates in. Cybercriminals will then spoof their target with seemingly legitimate messages from that vendor with attractive offers. All they need is a click,” says Moffitt.
Avoid becoming a victim
To outwit social engineering attacks:
- Slow down and remain in control. If you receive a message that conveys a sense of urgency to act, carefully consider whether you should respond.
- Beware of what you download. Use a reputable web browser and remain conscious of what links you are accessing before clicking on them. Avoid downloading free applications that may possess remote access trojans that can compromise your device.
- Delete any requests to provide financial information or passwords and report them as spam. Avoid responding to requests for help or offers to assist from individuals you don’t know.
- Invest in security awareness training. Prevent your devices from becoming compromised by common attack vectors by investing in security awareness training. Testing yourself regularly with phishing campaigns can help you learn what to avoid.
As cybercriminals continue to exploit human behavior and take great strides to make their attack vectors appear harmless, it’s important to remain vigilant of how cyber threats continue to evolve.
Webroot offers a number of solutions to help you tackle these ongoing cyber threats. Experience powerful and reliable protection from Webroot that won’t slow you down. Whether it’s updating your antivirus software or learning to spot phishing traps with security awareness training, Webroot has you covered.