Techniques of Social Engineering

 

Hackers can invade your privacy just by making a phone call, sending an e-mail or an SMS, or stalking your social media accounts. Here are some common social engineering techniques:

 

  1. Phishing: Sending fake emails or creating false websites to steal credentials. 
  2. Vishing: Hackers make fake calls to trap the victims.
  3. Smishing: Phishing using SMS. 
  4. Pretexting: Impersonating your relative or creating a fake scenario to deceive people. 
  5. Baiting: Offering something tempting to trick the targets, for example leaving infected USB drives for people to pick up.
  6. Tailgating: Following someone into a secure place without permission, for example by pretending to be a delivery worker to learn your address.

 

 

Case Study: The infamous Twitter 2020 attack

 

On 15 July 2020, a cyberattack shook the world when scammers collected over $100,000 in bitcoin using social engineering.

 

The Incident:

Accounts of high-profile people and companies like Elon Musk, Barack Obama, Apple, Bill Gates, and Uber were hacked and used to post fake Bitcoin giveaway messages.

 

How it happened:

The hackers pretended to be from IT support through phone-based social engineering, gaining access to internal tools. After gaining employees' trust, they tricked them into giving up login credentials. In this way, they were able to reset passwords and hack the targeted accounts to tweet publicly.

 

The Consequences:

  1. Scammers collected over $100,000 in bitcoin.
  2. The trust in Twitter’s internal security was shattered. 
  3. Several accounts were disabled. 

 

 

How do social engineers trick you?

 

Hackers these days use social engineering to play with your mind by triggering various emotions like: 

  1. FEAR: Hackers often create panic or a fearful situation through urgent messages.
  2. CURIOSITY: They send messages like “You have won a prize!” and ask you to click on a link to claim it.
  3. AUTHORITY: Pretending to be HR or your boss (as in the 2019 deepfake CEO scam).
  4. HELPFULNESS: They ask for your help so that you empathize with them.

 

 

Warning signs for you

 

  1. Any unusual or unknown sender or request.  
  2. Request for your confidential data like bank details, account passwords, OTPs, etc. 
  3. Urgent, panic, or emotional language. 
  4. Unexpected winnings, prizes, and opportunities that seem unrealistic are a danger sign. 
  5. A name, email address, or phone number that does not match the claimed country of origin. (Many fraudulent calls come from phone numbers in other countries.)
  6. Emails or messages with spelling mistakes or grammatical errors are a clear warning.
  7. Any request to install an app or software that seems unauthorized or comes from an unverified source.
  8. Social engineering ploys like posing as a government authority or a colleague asking for a favor or confidential data.
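
The checklist above can be applied as a first-pass triage filter over incoming messages. The following Python code is an added example, not part of the original article; the keyword patterns, the `warning_signs` and `flagged` names, the two-sign threshold, the home country prefix and the sample messages are all constructed assumptions.

```python
import re

# Constructed keyword patterns, one per content-based warning sign in the list.
SIGNS = {
    "confidential_data": re.compile(r"\b(otp|password|pin|cvv|bank details)\b", re.I),
    "urgency": re.compile(r"\b(urgent|immediately|suspended|blocked)\b", re.I),
    "unexpected_prize": re.compile(r"\b(won|winner|prize|lottery)\b", re.I),
    "install_request": re.compile(r"\b(install|download)\b.*\b(app|apk|software)\b", re.I),
}

def warning_signs(msg, known_senders, home_prefix):
    """Return the sorted warning signs found in one message (sender + text)."""
    hits = set()
    sender = msg["sender"].strip().lower()
    if sender not in known_senders:
        hits.add("unknown_sender")
    # Phone sender whose country code differs from the expected one.
    if sender.startswith("+") and not sender.startswith(home_prefix):
        hits.add("country_mismatch")
    for name, pattern in SIGNS.items():
        if pattern.search(msg["text"]):
            hits.add(name)
    return sorted(hits)

def flagged(messages, known_senders, home_prefix, threshold=2):
    """Return (sender, signs) for messages showing at least `threshold` signs."""
    results = []
    for msg in messages:
        signs = warning_signs(msg, known_senders, home_prefix)
        if len(signs) >= threshold:
            results.append((msg["sender"], signs))
    return results

# Constructed sample data: contacts the recipient already knows, and three messages.
KNOWN = {"+911234500001", "hr@example.com"}
SAMPLES = [
    {"sender": "+442079460000",
     "text": "URGENT: your account is blocked. Share the OTP immediately."},
    {"sender": "hr@example.com", "text": "Team lunch is moved to Friday."},
    {"sender": "promo@example.net",
     "text": "You have won a prize! Install our app to claim it."},
]

if __name__ == "__main__":
    for sender, signs in flagged(SAMPLES, KNOWN, "+91"):
        print(sender, signs)
```

Keyword matching of this kind produces false positives and misses reworded messages, so it is suited to prioritising messages for human review, not to blocking them.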

 

 

Prevention is the best cure

 

  1. Don’t click on any suspicious links. 
  2. Always cross-verify requests from unknown senders.
  3. Always use strong and unique passwords.
  4. Use two-factor authentication.
  5. Update your devices and software regularly, as updates fix vulnerabilities that hackers attack.
  6. Use a VPN if you need to use Public Wi-Fi for accessing your personal or financial information. 
  7. Report any suspicious activity immediately to the police, bank, or cybersecurity authorities. 
  8. Never plug in unknown devices like a USB drive picked up in a public place, as it may contain malware.

 

 

Conclusion

 

Social engineering attacks are increasing these days because people are easier to trick than systems. People who are less digitally aware are especially soft targets for such hackers, so awareness is the best defense against such cyberattacks.