Cyber Street Smarts: Stay Safe in the Social Space

By ABC News
November 9, 2015, 12:42 PM

Cybercriminals depend on the fact that people faced with frightening scenarios will make impulse-based decisions. The human versions of software vulnerabilities are our emotions.

Human-to-human interaction plays a huge role in social engineering, as it is easier to get users to divulge sensitive information when they think they are dealing with someone they know. Since social engineering is based on human nature and emotional reactions, there are many ways that attackers can try to trick you, online and offline.

Social engineering can be performed in two ways: a single attack, like a phishing email, or in a more complex way that is akin to a "long con":

Hunting

Hunting is the quick version of social engineering attacks. Usually, cybercriminals use phishing, baiting, and email hacking with the goal of stealing as much data as possible from the victim with as little interaction as possible. The attacker may send out hundreds of spam emails and see if anyone "bites."

Farming

A more complicated form of attack, farming is when the cybercriminal seeks out a way to form a personal connection with their target. They will perform some research on their victim by looking for any personal information available online. All they need is a name and they’re off and running. The cybercriminal will then try to form a relationship with their victim based on the information gleaned while researching their target.

Types of Social Engineering Attacks:

Baiting

Cybercriminals rely on the curious nature of people. In this scenario, that curiosity is essential. The cybercriminal will leave a random device, such as a USB stick that is infected with malware, in a public place, with the hope that someone will pick up the device and plug it into their machine to see what’s on it. Once it is plugged into the system, the malware will install itself onto the computer.

Phishing

Scare tactics seem to be one of the most popular strategies for tricking you out of your information. A phishing message presents you with an urgent scenario, usually involving a financial or other online account, and relies on people making decisions based on fear or urgency rather than thinking about the scenario for a moment. Other versions of these emails can appear to be from an authority figure, such as someone in management from your company, requesting a user name and password so they can log into a system. People tend to naturally comply when a request comes from a coworker, especially if it is someone they think they know.

Email Hacking and Contact Spamming

One of the main reasons cybercriminals go after email credentials is to take over the email account and then spam the contacts in the address book. The email therefore looks like it is coming from a trusted source, when in reality it is from a hacked email account. It’s human nature to pay attention to messages we get from people we know. The main objective is to spread malware, trick people out of their personal information and more.