
Social engineering attacks - what are they?


Social engineering is a method used by criminals to obtain sensitive data, hack into an account, or extort money from the victim. This method is based on manipulation and exploitation of human weaknesses or feelings such as compassion, trust or willingness to help. 

 

Attacks carried out using social engineering methods very often do not require complex technical breaches. Cybercriminals can impersonate a person we supposedly know in order to easily obtain the data they need. For example, they send fake messages that seem harmless, such as a request for support from someone we know, or, on the contrary, messages aimed at instilling fear in the recipient so that we perform certain actions (providing certain data or making a bank transfer) in order to avoid further problems.

 

In both cases, it is easy to verify the authenticity of such a message. First of all, we should contact the alleged sender and confirm whether they actually sent us the message. If there is a link in the email, we should not open it under any circumstances; instead, we should hover the cursor over it and see where it would lead us.

 

Another method based on social engineering is so-called baiting. For example, criminals send out messages informing us that we have won a lottery or been awarded a gift card. The condition? All we have to do is click on the link and enjoy our winnings! In this way, a careless user can allow malware or spyware to be installed on the computer, and thus on the company network. Cautious users will ask themselves whether they have actually participated in such a lottery, or whether they belong to the loyalty program of the company that the criminal is impersonating. Again, the principle of limited trust is the key to staying secure. Let's check the source of the message, the sender, and the company that allegedly gives us benefits. In case of even the slightest suspicion, we should contact the administrator of our company network or the IT security department of our company.

 

Baiting can also take a slightly different, but equally dangerous form. Criminals can drop data carriers, such as flash drives, in frequented places. They are counting on people's curiosity, on someone picking up the medium and plugging it into a device to check what data it contains. It may be seemingly empty, or it may contain photos, music or videos, and it will certainly contain malware that gives unauthorized persons access to our computer. If we find such an item on the company's premises, we should hand it over to the IT department to check whether it is a potential source of attack.

 

Stay safe on the Web with AllWare team!


© ALLWARE