How to better identify a social engineering scam
19 February 2022

Social engineering, the practice of manipulating a victim into believing they are communicating with a trusted individual or platform so that they give up confidential information, remains one of the biggest threats to an organisation's cybersecurity.

With an estimated 270% increase in attacks in 2021 alone, it has become clear that organisations need to invest equally in equipping their staff with the necessary tools to identify threats and ensure they are less susceptible to being victims. Here are some of the common tactics that are used in social engineering attacks:

Scareware

As the name suggests, scareware attacks play on the emotions of a victim by making them believe they need to take urgent action to prevent a catastrophic outcome. The victim then clicks on a link which ultimately infects their device with malware.

Common scareware attacks center around your finances or your device. For instance, the social engineers can pretend to be your bank, notifying you that your account has been compromised and that you need to share your banking details to verify account ownership. Alternatively, and perhaps even more commonly, there is the ‘Your computer has been infected by a virus’ alert, which then prompts you to click on a link in order to ‘clean’ your device.

All these tactics and more are simply designed to scare the victim into taking action, and they are surprisingly effective because users fear the consequences of not taking action.

Email hacking & contact spamming

 

Social engineers are aware that trust is one of the key tenets to getting an individual to carry out a desired action. As such they have become masters at crafting communications that appear like they are originating from a trusted source like your bank or a known associate such as a colleague or a friend / relative.

Common hooks they use include simple subject lines like: “Check out this site I found, it’s totally cool.” This intriguing line from a ‘friend’ is often more than enough to get an unsuspecting victim to open the mail and click on the malicious link.

Phishing

This is probably one of the best-known forms of social engineering, where a cybercriminal will attempt to acquire information that they can use to conduct a more significant crime. This generally includes phishing for personal information such as login credentials in order to compromise an account like your work profile or bank account.

It is important to remember, though, that phishing comes in various forms, including:

Vishing (voice phishing) – a phone call is used to acquire the sensitive information.

Smishing (SMS phishing) – this is conducted using SMS messages that contain a malicious link.

Email phishing – the most traditional form of phishing, where an email is sent that contains a malicious download file or link in the body.

Angler phishing – this entails a cybercriminal pretending to be a customer service representative in order to obtain valuable personal information.

URL phishing – this involves receiving a link that may appear to be from a trusted source but is slightly altered in order to deceive you into clicking and sharing personal information.

In-session phishing – occurs when a victim is already active on an online platform and is then, for example, asked to log in again.
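The URL phishing item above describes links that look trusted but are slightly altered. As an added example (not code from DataGroupIT), the Python sketch below shows how a mail filter or awareness tool might flag such links; the trusted domain list, the function names and the two-label approximation of a registered domain are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; a real deployment would load the organisation's own.
TRUSTED = {"examplebank.com", "example.org"}
# Digit-for-letter swaps commonly used to imitate a familiar name.
SWAPS = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.username is not None:
        return "suspicious", "userinfo before '@' hides the real host"
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted", "host is a trusted domain or its subdomain"
    if not host.isascii() or "xn--" in host:
        return "suspicious", "internationalised host name"
    # Approximation: treat the last two labels as the registered domain
    # (a production check would use the Public Suffix List).
    registered = ".".join(host.split(".")[-2:])
    for d in trusted:
        if d in host:
            return "suspicious", f"{d} embedded in unrelated host"
        if registered.translate(SWAPS) == d:
            return "suspicious", f"character swap imitating {d}"
        if edit_distance(registered, d) <= 2:
            return "suspicious", f"near-miss spelling of {d}"
    return "unknown", "no resemblance to a trusted domain"
```

An "unknown" verdict only means the host does not resemble a listed domain; it is not a statement that the link is safe.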

DNS Spoofing

DNS Spoofing, which is sometimes referred to as cache poisoning, entails the manipulation of a browser so that users are redirected to a malicious website that may appear genuine but instead has been developed in order to harvest sensitive information.

These, along with other methodologies such as baiting and pretexting, are some of the well-known ways social engineers are able to dupe their victims into unknowingly handing over vital personal information.

Given the ever-existing threat of social engineering to individuals and organisations alike, it is important that organisations combine regular training with modern cybersecurity practices to mitigate the risk of being a victim.

Need to know more? Contact DataGroupIT today to find out how we can help you develop a robust security posture within your organisation.

About DataGroupIT

DataGroupIT is Africa’s leading Value-Added Distributor (VAD). By partnering with the best selection of established and emerging technology vendors across the globe, we provide complex solutions for any size business, including Enterprise and SME markets across the African continent.

Our product portfolio offers comprehensive solutions for IT Security, Infrastructure and Enterprise Software.

We are fully committed to our business partners. Channels’ & vendors’ success is our #1 mission. Our professional teams across Africa deliver exceptional sales, presale, logistic, marketing and financial support that create the ultimate platform to accelerate our business partners’ success.

Contact Us today to find out more.

Post by: DGITUser