
The Dangers of Social Engineering and How to Avoid Falling Victim: Part 2

  • Dec 17, 2023, 5:38 PM
  • 7 minutes


In the previous article, we discussed the common types of social engineering attacks and the consequences of falling victim to them. Identity theft, money loss, and reputational damage are just some of the effects of such attacks that you would want to prevent.

In this article, we will discuss how to identify social engineering attacks (which can sometimes be quite tricky) and avoid falling victim to them.

Common techniques used in social engineering attacks


The most important thing to remember is that social engineering relies on emotional manipulation. That means that even if you’re not particularly tech-savvy, you can still effectively prevent it by knowing some simple rules. Here are some tips to help you detect a social engineering attack.


Manipulation of emotions in social engineering

Social engineers play on different emotions to gain leverage over their targets. They turn natural human tendencies, such as trusting others or caring about loved ones, against their victims.

One example of a social engineering attack is the chain letter, which was a popular technique in the 2000s. The purpose of a chain letter was to convince the receiver to copy the message and pass it on.

Source: Beth Bradford


The letters often contained malware such as trojans. While it might seem naive, many people did send these letters, and millions of computers were compromised. This would have been easy to prevent if the recipients had known how to recognize malicious actions.

Another example of a social engineering attack is phishing emails or calls. These attacks usually don’t include direct threats but can rely on feelings of fear, curiosity, or greed.

Source: safetydetectives.com


If, upon reading an email or receiving a phone call, you notice that the person is trying to scare you, threaten you, or, on the other hand, promise impressive and unrealistic rewards, chances are high that this is a social engineering scam.


Urgency and fear tactics in social engineering attacks

A particular type of emotional manipulation is trying to convince you that you have to act urgently or you will lose something important. Urgency matters to the social engineer because it keeps the victim from stopping to think rationally. For example, social engineers might pretend to be calling from your bank and say that you have to give them some information so that you don't lose access to your bank account.

First of all, if the caller presents the situation as urgent, you should be careful. A real bank won’t close your account within hours because you didn’t provide your private information. Secondly, the bank would probably encourage you to come in person to sort things out. Moreover, an official wouldn’t ask you to provide personal information over the phone, for example, your password or the CVV of your card. This is information that you shouldn’t disclose to anyone. You can offer to come to the bank if you have doubts. If the caller becomes rude or defensive, or ends the call, it’s most likely fraud.

Paying attention to how people on the phone treat you, politely or not, and what kind of information they want from you can save you from trouble. In case of doubt, feel free to call the office number listed on the official website to check whether the call is legitimate. It’s always better to check twice.


Authority impersonation in social engineering

People are very trusting, even more so when authority is involved. Social engineers often exploit this by impersonating authorities. This type of attack might be the most difficult one to avoid, especially for the older generation.

Technological development has made it possible to imitate emails, phone numbers, and even the voices of officials and family members. You must pay attention to the smallest details if you don’t want to fall victim to scams. Small differences in logos, fonts, or unusual avatars can all indicate that a social engineer is trying to abuse your trust.

Source: technipages.com

Moreover, social engineers can even hack the accounts of people you know, such as email or social media accounts, to pretend to be them and ask for money. An email that a scammer sends might look exactly the same as a real one and lead to a website that looks exactly like the real one. To identify an attack, you need to pay close attention to what exactly you’re asked to do and how realistic that is.

Here are some questions to ask yourself:

  • Who asks for my information, and why do they need it?

  • Do I feel like my emotions are being triggered in any way?

  • Is the information that they need private/confidential?

  • Can I trust this email/call?

  • Is there any way for me to check that this email/message/call is legit, for example, by contacting them via the contact information that I know is legit?

A recommended best practice against social engineering, when you’re being asked to share information or send money, is to contact the person or organization using a phone number or email address that you know belongs to them and check with them.


How to avoid falling victim to social engineering

It's much better to prevent a social engineering attack than to deal with the consequences after it has already happened. Here is what you can do to avoid falling victim to social engineering.

Use antivirus and anti-spam software

Social engineering attacks succeed because we often don’t expect them and are not alert. A good way to minimize the chances of being attacked is to block social engineers’ emails and calls before they reach you.


Modern antivirus software alerts you when you try to open questionable links or suspicious attachments. For example, this is how Kaspersky notifies you that you’re trying to open an unsafe link.

Source: kaspersky.com


Thanks to intelligent spam detection algorithms, modern email providers automatically detect spam and put it into a separate folder. Smartphones can also help you avoid being contacted by social engineers, as they can block suspicious or spammy calls or mark them as potentially harmful. Sometimes software might mistake safe links, calls, or emails for spam, but its main task is to raise suspicion and increase your awareness.

Source: truecaller.com


Educate yourself

If you know that social engineering exists and can distinguish between phishing, baiting, and pretexting, you're already much better protected than 90% of people. A lot of people think that social engineering attacks are something that happens to other people. But the truth is that anybody can be of interest to attackers. That is why you, too, should develop critical thinking and not trust everything that you read or hear.


These resources can help you develop an alert mind and avoid falling victim to social engineering:


  • "The Art of Deception" by Kevin Mitnick. In this book, you will find advice from an experienced social engineer. You will learn how to recognize common social engineering practices and how to avoid them.

  • "Social Engineering: The Science of Human Hacking" by Christopher Hadnagy. This book explains common social engineering techniques in simple terms. Even if you have zero experience with hacking, it will teach you to protect yourself and your loved ones from becoming victims of social engineering attacks.


Social engineers can also target your family and friends, so spread the information about personal cybersecurity in your private circle.

Verify identities

Before providing sensitive information or performing actions in response to an unsolicited request, verify the identity of the person making the request. For example, if you receive a call from the bank, hang up and call the bank back using a phone number you know is legitimate to confirm the caller's identity.


Another good thing to do is to educate others, especially children and the older generation in your family, that only some things in our digital world can be trusted. Teach them to avoid opening emails or answering calls from people they don't know. In real life, a good habit is to not answer personal questions from strangers, regardless of how official they look.

Use virtual numbers

Using virtual numbers can help you avoid falling victim to social engineering because it allows you to keep your phone number private.


Virtual numbers are temporary, disposable phone numbers that can be used for a specific purpose, such as online transactions or sign-ups. This way, if a social engineer were to obtain the virtual number, they would not have access to your sensitive information. They wouldn’t be able to call you and pretend to be someone they are not because they don’t have your real number. You will also be able to avoid phishing and smishing attacks targeting your phone.


Conclusion

Social engineering attacks use psychological manipulation to trick individuals into sharing sensitive information without consent. By identifying common social engineering tactics, you can avoid them. The next step to prevent sad consequences is to take action to protect yourself from scammers. Develop critical thinking and always check twice before submitting your private information anywhere online. Educate yourself and your loved ones about the common types of social engineering attacks and how to avoid them. Use virtual SIM cards so that attackers have a hard time knowing your real number. Finally, ensure you have installed anti-virus and anti-spam software that keeps social engineers away from you.



