Hacking humans is costing us millions
Over the past 5 years, the level of social engineering crime has risen as con artists target human error. Using social engineering tricks, the receiver is deceived into paying fake invoices or granting overseas operators full access to their computers and enterprise networks. This causes individuals and business operators of all sizes to lose hundreds of thousands of dollars, with little ability to recover.
Emergence Head of Underwriting and Product Development Jeff Gonlin explains: “Your computer is easier to hack than the banks or large corporations, and humans are easier to hack than any computer.”
Transferring money electronically has become today’s most common way to pay bills. Con operators have developed many sophisticated methods, adapting them to suit today's technology. Whilst that technology has changed, human behaviour has not, allowing people to be psychologically manipulated through their desire to be helpful and their respect for authority.
There are several different methods used by fraudulent operators. It is important to understand each of these and improve our behaviour to prevent these attempts from becoming successful.
TYPES OF SOCIAL ENGINEERING FRAUD
Phishing is the most common form of social engineering fraud. The attacker creates a false website or support portal imitating a well-known company, then sends links within emails or social media posts, leading individuals to the fake website to gather their login information or credit card details.
Most email account providers now include spam filters that identify most of these emails. However, the receiver must always be wary of any email seeking login or credit card details, which in most cases is fraudulent.
Spear Phishing is a subset of Phishing. Although similar, it requires more effort from the attacker. They pay particular attention to the uniqueness and limited number of users they target, resulting in more sophisticated and targeted emails to the recipient.
Impostors or fraudulent social engineers can be located anywhere on the internet, but many use the old-fashioned method of telephoning people. This type of approach is named Vishing and uses IVR (Interactive Voice Response) systems mimicking that of a renowned company. They attach the IVR to a toll-free number, tricking people into calling the number and entering their details. This method exploits what has become another common practice: people providing their financial details to a trusted telephone system.
This is a method which you may have come across, and it can arrive by email or by messages via social media pages. It uses a scripted scenario in which the attacker impersonates another person or known figure. The most common use of this method is sending a fake email or message, using the details of an existing friend or family member, asking for money. In most cases, the attacker has hacked their account or created a fake account.
Similar to the Trojan Horse used by the Trojans, the digital variation of this is to leave a USB drive or optical disk in public places, hoping an individual will pick it up out of curiosity and use it on their device.
A more modern version can also be found on the web. False links to download software are presented to users, tricking them into downloading malicious software and running it on their system.
QUID PRO QUO
Another social engineering method used to access systems or information is to pose as technical support of a known company or a company’s internal support department.
Attackers contact individuals or company employees regarding a technical issue on their system. The user is tricked into granting the attacker remote access to their system. In some cases, the attacker will get the individual to perform certain tasks or install software on their system. The attacker may even entice the user by offering a reward or a gift for performing the task.
Once compromised, the attacker is free to control all aspects of the computer and view all information by stealth even after the session has ended.
METHODS TO PREVENT SOCIAL ENGINEERING FRAUD
IMPROVE YOUR EMOTIONAL INTELLIGENCE
Social engineers try to play on the emotional responses of individuals. They may take you on a guilt trip, make you feel nostalgic or even create a negative emotional response. The situation becomes alarming, causing individuals to open up to the ones supposedly providing them with emotional comfort.
STAY AWARE OF YOUR SURROUNDINGS
Be aware of your behaviour when accessing the internet or social media pages. A person trying to hack into your online account is likely to have viewed your details on pages such as Facebook, Twitter or Instagram.
These details are clues about your personal information, which are likely to be answers to security questions for accounts or even passwords.
THINK BEFORE YOU ACT
Most security questions for accounts include details such as pet names, school names, birthplaces etc. Pay close attention to any online site that seeks this information, including personal files on your PC which may contain this information.
KEEP YOUR ACCOUNTS AND DEVICES SAFE
With an abundance of devices connected to the internet, it is now easier than ever to get access to your information. Ensure that all devices with an internet connection have both antivirus and firewall protection installed.
Use strong passwords and use two-factor authentication whenever available. Use secure vault software (several are available online for smartphones) to store all account details and passwords, rather than writing them down in a notebook.
Social engineering attacks are becoming increasingly sophisticated, targeting the vulnerabilities of individuals and their busy lifestyles. Within our electronically communicated society, humans are the last line of defence.
Just as humans learnt to wear armour in battles centuries ago, it is important that we upgrade our minds and behaviour to defend against today’s electronic battles.