What is social engineering? Social engineering are attempts, such as phishing scams, to manipulate you into relinquishing confidential and personal information. Cybercriminals use social engineering tactics as it is easier to trick you into providing access to your personal data than it is to discover ways to hack into your computer systems.
To counterattack, you need to protect your information. Keeping your information secure requires a vigilant and relentless mindset to question the who, what, where, why, when, and how behind each and every online request for the tiniest shred of your personal or the university’s confidential information.
To avoid becoming a victim, you also need to know about the different types of social engineering tactics cybercriminals employ:
- Baiting. “Curiosity killed the cat.” In this type of social engineering, the cybercriminal leaves a device, such as a USB stick infected with malware, in a public place. Someone, out of curiosity, will pick up that device and plug it into their computer to see what’s on it. The malware will then inject itself onto the computer.
- Phishing. Scare tactics rely on people making decisions based on fear or urgency instead of critically considering if a situation might be fake. Phishing comes in various forms of electronic communications like emails. These emails might appear to come from your bank or your supervisor requesting your username and password or other confidential information, because you might feel more inclined to comply if they are from someone of an official status. Remember, no institution would ever ask for your password in an email.
- Email Hacking and Contact Spamming. You tend to pay attention to things you get from people you know because it seems important and trust is already established. You open emails from family and friends and click on whatever link they send without thinking. This is why cybercriminals go after email addresses and passwords. Once cybercriminals acquire said credentials, they can spam all contacts from your address book and spread malware.
- Pretexting. Cybercriminals use this method to create an elaborate story to “hook” their victims. This could be a sob story about being trapped on an island or needing money for a medical situation. These scenarios are used to trigger your willingness to help someone in need. By using these kinds of stories, cybercriminals attempt to steal your money and personal information.
- Quid Pro Quo. “Something for something.” Cybercriminals entice you with prizes or huge discounts on expensive products and then scam you to relinquish personal information in order to claim your prize. They will then use your data to steal your identity and subsequently, as much of your money as they can access.