As we know, whenever we surf the net we can fall victim to many attacks that put our systems at risk. Luckily, there are multiple tools and methods we can use to protect ourselves. However, hackers often hone their techniques to achieve their goals, and one that is increasingly present is social engineering. In this article we explain the main attacks related to social engineering.
Main social engineering attacks
In a previous article we explained what social engineering is and how it is increasingly present. Here we have compiled the most frequent attacks that are based on it, to give a better understanding of the problem. We will also give some tips for protecting ourselves.
Phishing by email
This is undoubtedly the most widespread social engineering attack today. It is far from new, but attackers have been perfecting their techniques over time. Basically, we receive an e-mail telling us to log in through a link or download a file. The catch is that by logging in we are handing our data to a cybercriminal.
Within phishing we can find both generic and personalized messages. The latter are more successful since they are aimed directly at the victim.
Text messages
Social engineering is also used in attacks via text message. Attackers can use a simple SMS to get the victim to visit a malicious page or send personal data. For example, they can impersonate a legitimate organization.
Scams by social networks
Social media is also a major source of social engineering attacks. On many occasions, attackers approach their victims while posing as legitimate users, sometimes as members of some organization.
What they are looking for is to gain the victim's trust in order to carry out their attacks, collect data or obtain some benefit.
Fake News or scams
Fake news and scams are, without a doubt, very present on the network. Attackers look for these kinds of hooks to go viral and reach many users. Those links and fake articles may then contain malicious content, invite you to download software that has been modified by third parties, or collect data in some way.
Problems with the system
This is another technique widely used in social engineering. Attackers call the victim to say that their computer is in danger, that a threat has been detected, that someone has tried to steal their data, and so on. They usually pose as some important and prestigious organization.
Free product
The most traditional hook. Here attackers offer the chance to receive something for free. It can be software, a physical product, or a benefit when contracting a service. Once again they seek to gain the victim's trust and subsequently carry out their attacks.
Baiting
Baiting is a type of social engineering attack that relies on careless victims who come across a removable storage device, apparently by chance. This can be a simple USB flash drive, for example. The point is that the device carries some type of malware, and when it is inserted it infects the victim's computer.
Tailgating
Tailgating is something different. Basically, it consists of entering a restricted area. Take, for example, a company whose premises are accessed with an RFID card. The attacker waits for the victim to be entering, then quickly approaches and says that they have left their own card inside.
How to avoid becoming victims of social engineering attacks
Luckily, there are certain tips we can follow to avoid becoming victims of this type of problem. Some basic measures can help us gain protection.
Do not expose the data
Something very important that users sometimes overlook is not exposing our data more than necessary. By this we mean not making our e-mail address public in open forums or in comments on web pages. Nor should we publish personal data on social networks, where it is available to anyone and can be used against us.
Protect equipment
Of course, it is important to protect the security of our devices. This means that we must install security tools and also have the latest updates and patches. Vulnerabilities sometimes arise, and it is important that we correct them.
Be careful when logging in
Another basic point is to take care when logging in. We should not expose information by logging in from insecure networks or through platforms that may not be reliable. We must also log out when using third-party equipment.
Using strong passwords
Finally, another tip we want to give is to use passwords that are strong and secure. This means that they contain letters (upper and lower case), numbers and other special symbols, all chosen at random.