social engineering

As long as humans are involved in a company, its security will remain as foolproof as their behaviour. It’s rightly said that there is no patch for human stupidity. All the members of an organisation have some kind of access to information that is valuable enough to facilitate an attack. But simply due to lack of diligence and awareness, people end up doing more harm than good to their companies.
Social engineering is a process, or rather a skill, used by attackers to deceive people and make them give away confidential information. If you are part of a company or you run a company yourself, keep on reading to know what could put you at risk of a data breach.

1. Impersonating: How much should you believe people?

Attackers use this social engineering technique to extract important data by pretending to be someone else. They usually target employees who are unlikely to question authority or who are not careful enough to cross-check people’s identity, especially in an emergency. They could be receptionists, low-level employees, or even general helpers who have keys to important rooms.

Clue: Attackers will create urgency to avoid proving their identity.
Example: Someone calling as the manager/IT consultant in urgent need of a password.
Tip for employers: Set an identity-confirmation protocol among the entire staff, including top management.
Tip for employees: Ask the person in question to follow the protocol, no matter who they say they are or how urgent the situation is.
Pro tip: When it comes to outsiders, like technicians who need credentials for fixing a problem, give them a code beforehand which they can provide when asked for verification.
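
One way to implement the pre-issued verification code from the pro tip above, as an added example that is not code from the original article. The class name, the 8-digit code format, the 8-hour validity window and the three-attempt limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 8 * 3600   # assumed validity window for a booked visit
MAX_FAILED_ATTEMPTS = 3       # assumed limit before the code is revoked


class VisitorCodeRegistry:
    """Issues one-time codes for expected visitors and verifies each once."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # visit_id -> record for a code not yet used

    @staticmethod
    def _digest(salt, code):
        # Only a salted hash is stored, so reading the registry reveals no code.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, visit_id):
        """Create the code that is handed to the technician at booking time."""
        code = f"{secrets.randbelow(10**8):08d}"
        salt = secrets.token_bytes(16)
        self._pending[visit_id] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires_at": self._clock() + CODE_TTL_SECONDS,
            "failures": 0,
        }
        return code

    def verify(self, visit_id, presented_code):
        """Return True only for a known, unexpired, not-yet-used code."""
        rec = self._pending.get(visit_id)
        if rec is None:
            return False
        if self._clock() > rec["expires_at"]:
            del self._pending[visit_id]
            return False
        candidate = self._digest(rec["salt"], presented_code)
        if hmac.compare_digest(rec["digest"], candidate):
            del self._pending[visit_id]   # single use: a replayed code fails
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILED_ATTEMPTS:
            del self._pending[visit_id]   # revoked: a new code must be issued
        return False
```

The code is checked the same way regardless of who the caller claims to be or how urgent the request sounds, which is the point of the protocol described above.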

2. Phishing: How much should you believe the internet?

The trust we place in the internet sometimes puts us at a disadvantage. Through emails, messages or popups, attackers may lead us to fake or malicious webpages where we are prompted to enter critical data. The messages are either excessively tempting or reeking of urgency so that the viewer is tricked into taking quick action without verifying the source. Individuals and organisations could easily fall prey and give away confidential information like bank passwords via phishing.

Clue: Sense of urgency in the message. Leads you to another web page.
Example: An email stating it’s from the bank and requiring you to click on a link and log in to your bank account.
Tip: If you find it even slightly suspicious, refrain from clicking on the link and cross-check with the actual institution first.
Pro tip: Look out for other kinds of phishing via: SMS (Smishing), VoIP (Vishing), or Instant Messenger (Spimming).

3. Fake apps: How much should you trust apps?

Every day we download a number of applications on our devices to make our lives a little bit easier, which is why mobile applications are a fertile ground for dispensing harmful attacks. Hackers use this social engineering technique to create fake or malicious apps that could compromise your device. They even alter legitimate apps into their own malicious versions and upload them for users to download.

Clue: There is a trigger (in the form of a message or popup) to download the app.
Example: A message asking you to download a specific bank security app.
Pro tip: Cross-check the developer before downloading any app. Go online and read reviews about the app/developer.

4. Other human based ways: How aware are you of your environment?

Other highly common techniques used by attackers to steal data are:

Eavesdropping

An unauthorized person listening closely to conversations.

Dumpster diving

Searching trash bins for valuable data.

Shoulder surfing

Looking over someone’s shoulder to catch passwords or information.

Tailgating

Entering an area by closely following an authorized person through the door.

Individuals/employees tend to ignore such behaviour easily and end up putting their or their company’s security at stake.

Clue: Someone following or lurking. An unusual device in your surroundings.
Example: An unclaimed mobile phone lying in a meeting with its voice recorder on.
Pro tip: Use a shredder to dispose of work documents. Keep your distance from unknown people while entering a restricted area.

If only everybody were conditioned to be more aware of such behaviours, these data-stealing incidents would be substantially reduced. As an employer, educating and training the employees is the best way to mitigate cyber attacks. Do you have any ideas on how to protect your data? Say it in a comment below! And if this helped you, share it with others and spread the awareness!



© 2022 Tech Brewery. All Rights Reserved.
