Social engineering ranks highest among techniques used to scam individuals
Social engineering is becoming the most efficient way in which individuals, and by extension banks, are scammed. In its latest industry report, the Nigeria Inter-Bank Settlement System (NIBSS) said social engineering was the most-used technique in perpetrating electronic fraud against financial institutions and their customers, especially individuals.
In second position is the lack of Two Factor Authentication (2FA). 2FA, sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.
Social engineering, in the context of security, is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. For instance, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password. It was responsible for 11,589 fraud activities.
Social engineering happens because of the human instinct of trust. Cybercriminals have learned that a carefully worded email, voicemail, or text message can convince people to transfer money, provide confidential information, or download a file that installs malware on the company network.
Some examples of social engineering include:
Phishing: these tactics include deceptive emails, websites, and text messages to steal information.
Spear phishing email is used to carry out targeted attacks against individuals or businesses.
Baiting is an online and physical social engineering attack that promises the victim a reward.
With malware, victims are tricked into believing that malware is installed on their computer and that if they pay, the malware will be removed.
Pretexting uses a false identity to trick victims into giving up information.
Quid Pro Quo relies on an exchange of information or service to convince the victim to act.
Tailgating relies on human trust to give the criminal physical access to a secure building or area.
Vishing uses urgent voice mails to convince victims they need to act quickly to protect themselves from an arrest or other risk.
Water-holing is an advanced social engineering attack that infects both a website and its visitors with malware.
A few tips to counter social engineering
Do not open any emails from untrusted sources. Contact a friend or family member in person or by phone if you receive a suspicious email message from them.
Do not give offers from strangers the benefit of the doubt. If they seem too good to be true, they probably are.
Lock your laptop whenever you are away from your workstation.
Purchase anti-virus software. No AV solution can defend against every threat that seeks to jeopardize users’ information, but they can help protect against some.
Read your company’s privacy policy to understand under what circumstances you can or should let a stranger into the building.
To stay protected against social engineering attacks, it is important to recognise the power of ego. Everyone wants to believe that they would never be tricked or scammed by a phishing email or other social engineering attack. However, cybercriminals rely on all aspects of human emotion and nature to subtly deceive and trick people into acting.
It is only with first-hand experience of being phished or violated by another social engineering approach that people really appreciate how social engineering works.
By using a people-centric approach to security awareness training that uses phishing simulations, engaging and relevant content, and an understanding of human nature, one can stay protected against social engineering.