By definition, social engineering is a discipline or art of manipulating people so that they share their confidential information. It may start from collecting information as simple as your legally registered name, date of birth, passwords, or bank information depending on the interest of the exploiters.
These criminals may collect information based on what they are targeting from their victims.
How can I be a victim of social engineering?
The art of social engineering starts from getting trust – something like the exploiter becoming friends with his or her victim. Thus, social networks are a great plethora of information about people around, and finding targets are much easier.
Platforms such as Facebook and Twitter are on which these exploiters may start manipulating people.
What else social engineers do?
This depends on what the social engineers are looking for. Common social engineering attacks include:
1. E-mail from a friend:
With e-mails, these criminals can do whatever they want. Basically what they target with e-mail can be the victims’ passwords.
Knowing a password of an account of the victim is as good as knowing all the passwords of the accounts associated with the victim. This is because most people are tempted to use the same passwords for all the accounts they possess.
Links they send in their e-mails can be the links that seem common but these can be links of the cloned sites with which they use as tools for collecting the passwords.
Download links, images, videos, and others may contain malicious software that keeps the victim’s webcams turned on so that the attackers see them, track the victims’ passwords or make the victim’s machines malfunction.
Phishing attacks come with e-mails, Instant Messages, or comments that appear to be from legitimate people, institutions, or banks associated with the victims.
The victim may get messages such as saying he or she needs to verify his/her passwords, re-enter passwords, or change passwords often with threats mentioning what would happen if they fail to do with the links they send.
Sometimes messages can be about the victims winning a lottery or other gifts. The criminals would ask the victims to send some money so that these prizes can be delivered or else these prizes will be withheld.
There can many ways criminals can do to attack their victims. It is always advisable to be always cautious while reading emails, instant messages for comments from unknown people, and maintaining privacy to one’s every bit of information.
When these attacks can happen?
Possibly anytime, anywhere, and to anyone.
How can I protect myself?
There are many ways to protect. Here are some of these (or click here for more):
1. Never trust spam.
2. Be suspicious of any unsolicited messages.
3. Delete any requests for financial information or passwords.
4. Beware of the fake accounts on social networks.
5. Be cautious about what else to download.
6. Use recommended or known websites.
7. Do not shares photos or videos that contain your information.
8. Never get excited about foreign offers – often they can be fake!
9. Use reliable anti-virus software.
10. Use strong and unique passwords for different accounts.
11. Never trust unknowns!
Kuzu Zangpo la! I am Sonam Dargay. I am a full-time software developer. Apart from 9-5 office works, I am a tech enthusiast, blogger, and dreamer.
I graduated from the College of Science and Technology(CST), affiliated with the Royal University of Bhutan.