Post image for Avoid Social Engineering Tricks and Traps | Internet Awareness

Avoid Social Engineering Tricks and Traps | Internet Awareness

by

Internet Awareness is improved by avoiding social engineering tricks and traps.  The best browser and computer security you can get is of no use if you fall prey to social engineering ploys.   Become more secure by increasing your internet awareness and understanding the schemes criminals uses to get to your information.

Social Engineering and Internet Awareness

Social engineers or criminals use human behavior to their advantage to trick you into providing information you wouldn’t normally give out to a stranger.  They rely on the fact that people are generally trusting and cooperative.  Rather than use technical means, such as hacking through a firewall or set of passwords to gain access to a secure system, social engineers just ask you for your password!  They may do this by sending you an email asking you to verify information, such as your account or password, or call you and pose as technical support and ask to get your ID.  Increase your internet awareness by understanding social engineering techniques.

Social Engineering Techniques

  • Phone Calls – A criminal will call you and pose to be your company’s help desk, from your bank, or other service.  They claim they are calling to helpy you and need your user name and password to verify an issue they have noticed with your computer.
  • USB Drives – Criminals drop USB drives around entrances to your company, the mall, or other public places in hopes that someone will pick it up and load it into their computer.  Special software on the USB drive is then activated, giving the criminal inside access to your network.  The software can also track your typing, record account names and passwords, and “phone home” this information to the criminal.
  • Email – Social engineers will send you an email claiming you should visit your bank’s site to verify information  However, the link provided  doesn’t go to your bank, but to the criminal’s look-alike website, whose sole purpose is to collect your account id and password.  Once that is collected, you directed to your bank’s site, so you never suspect you’ve been scammed.
  • US Mail – The crook sends you a special delivery package , such as via overnight delivery.  Inside is a note saying you’ve won a free iPad!  The note directs you to go t a website to collect you prize.  The sole purpose of the site is to collect your information,  not to give you an iPad.
  • Typo Squatting – Bad guys can control domains of commonly misspelled banking and financial sites.  They wait for you to type in the incorrect spelling, and then masquerade as the real site in hopes of collecting your account and other personal information.

Improving Your Internet Awareness

The best way to counter social engineering ploys is to  increase your internet awareness.  Remember to not trust strangers.  Sound familiar?  Always question why someone would call or contact you out of the blue about your bank account, log in to a website, or other personal information.

Here is how I would counteract the above techniques:

  • Phone Calls - Ask for the caller’s number, don’t trust caller ID, and then verify the number.  If you can’t verify it using a reverse look up, then don’t call them back.  Improving your internet awareness doesn’t stop at your computer.
  • USB Drives - You wouldn’t eat a piece of candy you found on the ground, so why put a “dirty” USB drive into your computer?  Its not worth the risk.  If you don’t know the origin of the USB drive, don’t use it.
  • Email - Banks and other financial sites won’t contact you by email and encourage you the enter or verify your information.
  • US Mail - If it is too good to be true, it probably is.
  • Typo Squatting - verify links before clicking on them.  Hovering over a hyperlink in most browsers reveals its address.  Do so and verify the spelling.  A reputable business won’t use misspelled hyperlinks.

If some one is trying to verify your information, tell them you’ll call them back at their main office number, or when presented a web link, don’t click on it, but search for the official site in Google, check the spelling of the link, and click on it from there.  Increasing you internet awareness is about questioning and using applying common sense to the situation.  The trick is that though you may have good internet awareness, your generosity and kindness are exploited.   Social engineers rely on you being helpful, cooperative, and responsible.

I find social engineering to be pretty fascinating.  These techniques lie at the intersection of technology and psychology.  What other type of social engineer techniques have you heard about, let us know.

Previous post:

Next post: