If a stranger walks up and asks for your keys, you’ll probably give him a weird look and tell him, “No.” But if your spouse runs by and says they’re running late, you’ll likely hand over your keys without question. A hacker understands this logic: stranger danger doesn’t go away, and we’re more likely to trust people we know. For this reason, the best hackers never look like hackers. Through social engineering, they’ll look like your friends, family, and coworkers.
What is Social Engineering?
Social Engineering involves tricking users into taking actions that go against their best interests. For instance, a hacker might convince a user to share personal information or click on an infected link. Many attacks, such as Phishing and Smishing, utilize social engineering in order to catch a user off guard. By creating a sense of trust—or a sense of urgency—these attacks deceive the user into risky behaviors.
Of course, no hacker is going to say, “I’m a hacker, plz send me ur files.” Instead, they’ll pretend to be your boss and ask for your password. Or they’ll imitate a collection’s agency and say your payment’s late, but don’t worry, just click here, and everything’s fixed! A message like that is bound to make someone nervous. So nervous, in fact, that they might click on the link without thinking. And then suddenly, their computer’s infected. Or their email’s compromised. Or their phone’s acting off. Etc., etc.
How Does Social Engineering Work?
Social engineering attacks often require days or weeks of planning. A hacker might spy on you in order to better understand your routine. They might look through your social media in order to understand who you typically interact with, and they might start impersonating your friends’ typing style. Worse, they might meet you in-person, pretend to work at your company, and convince you to let them inside. And once you open that door, they’ll have the freedom to do whatever they want.
Long gone are the days of Nigerian Prince scams. While these attacks pop up from time to time, more sophisticated attacks have become the norm. Oftentimes, a hacker will know your email or your phone number, and they might even know your name and title. Furthermore, they might know your boss’s name, or your friend’s address, or any number of things that can be used to trick you.
How Can I Avoid Becoming a Victim?
The first step to avoiding a social engineering attack is to make yourself an unappealing target. Since hackers devote days to spying, they’re less likely to attack someone who appears well protected. Additionally, learning the different types of social engineering attacks will help you know what to look out for. And by remaining vigilant, prepared, and skeptical, you’re more likely to hesitate before clicking a link.
When it comes to cyberattacks, social engineering is the tip of the iceberg. Threats are constantly evolving, and you should always be learning more about security trends and best practices. For this reason, Onepath has compiled a Master List on cybersecurity articles and a list of cyber-terms you need to know. True cybersecurity means constantly reassessing your cybersecurity and learning all that you can to keep you safe.