Knowledge Base

Social Engineering – An Art of Manipulation: Identify and Protect


Cyber criminals have many tools in their arsenal, but social engineering stands out as the most effective because it is simple and works against individuals and organizations alike. In a social engineering attack the cybercriminal hardly uses any tools: it is an art of manipulation that relies on exploiting human psychology rather than technical vulnerabilities. It is very difficult for people or employees to stop such attacks, but they can defend themselves and their organization by following some basic practices.


What is social engineering?


Social engineering is an art used by cyber criminals to exploit inherent human weaknesses such as fear, greed, trust, love and need. Cybercriminals use psychological manipulation of these weaknesses to trick victims into making a mistake and giving away sensitive information.


An example of a social engineering attack against an organization:


The Uber breach of September 2022 was carried out using a social engineering attack:

It was likely that one of Uber's contractors had his personal device infected with malware. The malware extracted his credentials, which were then sold on the dark web. A hacker purchased the exposed credentials and used them to repeatedly try to log in to the contractor's Uber account, each attempt triggering an MFA approval request. The repeated MFA requests caused 'MFA fatigue': the contractor became fed up with receiving notifications. When the contractor eventually accepted a request, the hacker gained access to the account and escalated the attack.
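Detecting the 'MFA fatigue' pattern described above from the defender's side, as an added example that is not part of the original article: the script below assumes a simple "timestamp user event" log format and uses constructed sample events (not Uber's data), and it flags any user who approves a push prompt after an unusually high number of prompts in a short window, so that the login can be reviewed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed "<timestamp> <user> <event>" format;
# illustrative only, not real Uber logs.
SAMPLE_LOG = """\
2022-09-15T22:00:05Z contractor1 MFA_PUSH_SENT
2022-09-15T22:00:30Z contractor1 MFA_PUSH_DENIED
2022-09-15T22:01:10Z contractor1 MFA_PUSH_SENT
2022-09-15T22:01:35Z contractor1 MFA_PUSH_DENIED
2022-09-15T22:02:20Z contractor1 MFA_PUSH_SENT
2022-09-15T22:03:05Z contractor1 MFA_PUSH_SENT
2022-09-15T22:04:00Z contractor1 MFA_PUSH_SENT
2022-09-15T22:05:10Z contractor1 MFA_PUSH_SENT
2022-09-15T22:05:40Z contractor1 MFA_PUSH_APPROVED
2022-09-15T22:07:00Z alice MFA_PUSH_SENT
2022-09-15T22:07:15Z alice MFA_PUSH_APPROVED
"""

MAX_PROMPTS = 5                # prompts within WINDOW that count as fatigue
WINDOW = timedelta(minutes=15)

def parse_events(log_text):
    """Parse log lines into (timestamp, user, event) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        ts, user, event = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event))
    return sorted(events)

def detect_mfa_fatigue(log_text, max_prompts=MAX_PROMPTS, window=WINDOW):
    """Return one alert per approval that follows >= max_prompts prompts to the
    same user inside the sliding window (the bombard-then-accept pattern)."""
    prompts = defaultdict(list)   # user -> timestamps of recent push prompts
    alerts = []
    for ts, user, event in parse_events(log_text):
        if event == "MFA_PUSH_SENT":
            # keep only prompts still inside the window, then record this one;
            # denials in between are deliberately ignored: they are typical of
            # a fatigue attack and must not reset the count
            prompts[user] = [t for t in prompts[user] if ts - t <= window]
            prompts[user].append(ts)
        elif event == "MFA_PUSH_APPROVED":
            recent = [t for t in prompts[user] if ts - t <= window]
            if len(recent) >= max_prompts:
                alerts.append({"user": user, "approved_at": ts.isoformat(),
                               "prompts_in_window": len(recent)})
            prompts[user].clear()   # an approval ends the current episode
    return alerts
```

On the sample data this reports contractor1 (six prompts before the approval) and stays silent for alice, whose single prompt is normal use.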


Perfect 10: ten ways to protect yourself and your organization from social engineering attacks:


  1. Keep an eye on the latest online scams and social engineering attacks.
  2. Always verify the requester's identity before sharing any information.
  3. Government agencies, banks and service providers won't ask for personal information over phone, email or text. Don't share it with anyone who claims to be from such an organization.
  4. Keep multifactor authentication enabled on your online accounts and mobile phone.
  5. Never rely on technology alone; use your instinct. Stop. Think. Verify before sharing information with any person on any platform.
  6. Keep in mind that nothing is free: if someone offers you something that seems too good to be true, it must be a scam.
  7. Read online reviews from reputable sources to check whether the website or call is genuine.
  8. Never use the same password for your organization's accounts and your personal accounts.
  9. Never share your password with anyone, whatever emergency is presented by someone on the phone or by email.
  10. Feel comfortable reporting any security incident or suspicious activity promptly to the relevant agencies or to your organization's incident management team.


Alok Jha | LinkedIn

Head of Cyber Security - Coforge

Co-Founder Cyber AI Talks

Cyber Security Strategy, Governance, Compliance and Risk

Associate C|CISO | Certified Information Systems Security Professional (CISSP)

Volunteering: Helping underprivileged children to learn cyber security, IT technologies and self-organized learning using freely available resources.