Social engineering: a new form of cyber attack

Social engineering is a new form of cyberattack and can be defined as the set of techniques cybercriminals use to trick people into giving access to their personal or confidential data, infecting their own computers or servers with malicious programs (malware), or opening links to infected sites.

We can all be victims of an attack based on social engineering, as cybercriminals analyze the best channels for reaching our personal data and confidential corporate information, starting from little information and obtaining the rest through deception.

How does Social Engineering work?

As we have already said, its modus operandi is deception, which can take many forms: emails that do not really come from the indicated sender, infected attachments, or calls and instant messages urgently requesting that certain personal data be shared to resolve a matter of supposedly extreme urgency.

These communications may come in the form of a call from the IT support service for our management software or cloud services, from bank employees, or as courier delivery notices, invoice or commission payments, etc.

Common characteristics of social engineering attacks are:

Collection of information:

This is the pre-attack phase, where the cybercriminal will do his research on the victim and collect as much information as possible, which may be public on the Internet, obtained from the family, friends or work environment.

Relationship of trust with the victim:

Approaching the victim to obtain information that is of interest to the cybercriminal.

Manipulation of the situation:

Based on the relationship of trust established prior to the attack.

Disappearance:

The cybercriminal will erase all traces of his actions, so that it will be more difficult to identify him and he can carry out another attack of similar characteristics.

Thus, social networks are one of the areas where we are most exposed to being the target of a cyberattack that uses this type of engineering.

The current habit of making public everything we do, where we are, what we eat, our tastes in fashion, movies, hobbies, etc., is an endless mine of information for this type of criminal, who finds in these “innocent” or “thoughtless” publications everything needed to get into your life, impersonating you, in the best of cases.

Another very revealing example is the use of email, whether personal or corporate, to obtain confidential information from the victim, such as credentials (phishing), by means of spoofing, links to fake pages or downloads of infected files.

How to combat social engineering attacks?

The first thing is to train and raise the awareness of the staff who use our information system, so that they can prevent misuse of personal information. Keeping up to date with the new deception techniques that appear every day is the best way to stay safe and keep our personal data safeguarded.

Be wary of anything that may involve a risk (offering personal data, access data, bank account data, etc.). Any e-mail, call or message that raises some doubt, or whose origin is not clear, should be ignored, thus avoiding any contact, direct or indirect, with the cybercriminal and closing the door to your personal and confidential information.

What to do if I am a victim of a social engineering cyber attack?

If you think you have been the victim of a cyberattack, you should perform an antivirus scan of your device, change all passwords and review your most valuable information, such as your bank account, YouTube or the social networks where you usually post videos, if any, or any forum where your data may have been made public.

In the same way, it is necessary to report the facts to the State Security Forces and Corps and call the 017 helpline of the National Institute of Cybersecurity.

Business Adapter® at your service

If you have not yet trained your staff on data protection and information security, or want to comply with the European and Spanish data protection regulations (RGPD + LOPD) to which any company or professional is subject, contact us by email: info@businessadapter.es, call 96 131 88 04, or leave your message in this form:

Contact us, we will be pleased to help you.