Social Engineering Attacks: How They Work
We have good news and bad news. The bad news is cybercrime is on the rise, and cybercriminals get the valuable intel they use to breach your company via the cycle of social engineering attacks.
The good news?
You don’t have to be an expert on social engineering attacks to protect your
Social Engineering Attacks: The 4-Step Process
Step 1: Gathering Information
Cybercriminals spend a lot of time and resources sourcing information because the juicier the information, the easier the following steps will be. They might use a phishing technique, or simply try to “friend” or connect with you on social media. Your social media can work against you; a random connection can look at the photos you’ve posted and find a little something that tells them enough about you to give them a way in.
Step 2: Relationship-Building
Once they’ve gathered enough personal information about you, the next step is to try to build some sort of relationship with you. This can happen in all kinds of digital spaces: on social media, by email, phone call, text or anywhere else. The initial contact may seem innocent, but it’s a step toward something more sinister.
Step 3: Exploitation
Once they have some sort of relationship with you, it’s time to hook you. They might send you what appears to be a legitimate link about something you have an interest in or trick you into giving them your email or password. Humans are wired to be social, and you are the weakest link in the chain. This step requires you to take some action, which makes it a great opportunity for training to make a big difference.
Step 4: Execution
BAM! You’ve been hacked and you don’t even know it. In fact, you might even think you’ve helped someone else out. By the time you realize you’ve been scammed, the criminal has already done the damage, covered their tracks and made their exit with zero digital footprints left behind.
What Happens When You Don’t Think Before You Post
Picture this: you have such a great time at a new restaurant, and the food is so good, that you decide to post a photo on Facebook, Twitter, Instagram or some other social media platform publicly, not just to your friends list.
Be careful here: Those types of photos contain much more information than you think.
A picture is worth more than a thousand words; cybercriminals can get a lot of information from them in the form of metadata and even trick you into contacting them, thus finding out everything about you and your contacts.
One of the ways they gain your trust is by pretending they’re the manager of that restaurant, gym, movie theater, etc. You’re thanked for your patronage and offered discounts for the next time you come in.
Pro tip: Don’t click on those links or respond. It’s just a phishing expedition that will lead to trouble.
Photos taken at your place of business are also full of information. Hackers can zoom in on your badges, the computer screen in the background, or even a Post-it note in the frame, which may or may not have a password hastily written on it.
Enhance Your Social Media Cyber Security
Don’t become a target. Make yourself harder to pin down with these social media cyber security tips:
- Think before you post, especially photos, and make sure there are no hints about your personal life – even ones that seem insignificant like your pet’s name.
- Trust no one who suddenly appears in your messages and encourages you to accept a freebie. Nothing is really ever free on the internet, and it could turn your life upside down.
- Don’t lend your “expertise” about something to others on social media. Even if they are legit and you personally know them, remain wary and find another way of sharing with them offline.
If your social media account does get hacked:
- Check all your financial accounts. If you see any suspicious behavior, report it and lock down the accounts. Tell your banks and credit agencies as soon as possible, and change your login credentials. The new password should be difficult, with random upper and lowercase letters, a non-dictionary word and special characters, and not one that has been used before on any account. Learn more about strong passwords in our Password Management Guide.
- Change your passwords for all social media accounts starting with the one that was compromised.
- Notify your social network about the hack. Your hack could give cybercriminals a way to establish rapport with your friends and compromise their accounts, too.
- Consider what accounts you may have used your social media account to log in to with the “login with Facebook” button. Change the account credentials and disable the “login with” feature. As mentioned earlier, individual passwords are more secure.
Fighting Social Engineering Attacks
At Intrust, we’re familiar with how cybercriminals behave because we keep up to date with their techniques. Contact us or book a meeting to learn more about the latest in cybercriminal behaviors.
Is Your Name or Birthday a Part of Your Password?
If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.
Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.