Cyber security threats are becoming increasingly prevalent as life continues to drift further and further into online space. Many of the world’s biggest companies have fallen prey to cyber scams, showing that they can happen to just about anyone.
Vigilance is required to keep yourself safe. In this article, we take a look at some of the most prevalent threats out there in 2023 and describe how you can keep yourself safe.
What is Social Engineering?
Social engineering attacks are designed to trick you into doing something you otherwise wouldn’t. Rather than peeling back the layers of your firewall and other virtual security through malware, they usually play on your emotions to trick you into holding the door open for them.
The good news? Like vampires, social engineering scammers need to be invited in. That gives people who understand what is out there a lot of power. Here are a few common social engineering threats out there.
Phishing emails are designed to trick you into voluntarily handing over valuable personal information. Virtually everyone with a computer or cell phone has experienced these in the past. You get a message from Netflix saying that your account is on hold until you update your payment information.
Ordinarily, you wouldn’t fall for that one. However, you have a few friends coming over tonight and the plan is to watch Stranger Things.
You make a choice you usually wouldn’t, and that’s how they get you.
Whaling is a subtle variation on the phishing scam in which bad actors target a specific, usually high-profile, person. There was a weird one a few years back where a scammer impersonated a literary agent and emailed well-known authors asking for copies of their works in progress.
A surprising number of writers fell for it. Most people running whaling scams are looking for more than just books.
Pretexting scams happen in both the physical and virtual worlds. Rather than relying on creating an artificial sense of urgency, they work by tricking the victim into feeling a sense of comradery, or at least professional affiliation, with the scammer.
For example, say you get an email that says it is from Dave at work. The email asks you to resend the payroll information, files that contain an enormous amount of personal information.
The request is slightly unusual (you can’t think of any reason Dave would need that), but what the heck? He’s a good guy, and there’s no reason not to let him have it either.
Well, actually, there is one reason. That’s not Dave. A person of ill repute has taken Dave’s information and used it to create a fake email. Not hard to do, and very effective.
You can protect yourself from pretexting scams by verifying all unusual forms of communication through a second source. Call Dave and ask him a question about the files he requested. If he doesn’t know what you are talking about, you just dodged a bullet.
Baiting is another variation of phishing. In this case, the victim is made an enticing offer. For example, an email saying that they have won a $500 gift card to Amazon. All they have to do is fill out a survey.
Sounds like an obvious trick, right? Except that the email really does look like it came from Amazon. It helps to understand that companies don’t acquire a multibillion-dollar value by handing out $500 gift cards for no reason.
However, if you need more proof, reach out to the company through their website. They will happily disabuse you of the notion that you’ve won something. They might even sell you a Prime membership while you are there.
While social engineering attacks have a way of feeling particularly nefarious, and maybe even hurtful, they actually exist along the same lines as any other cyber attack. Someone tricks you into making a bad choice, and you pay the price for it.
Malware-based cyber attacks might be more subtle in their methods. Perhaps you get a virus after following the wrong link, or even using a dicey Wi-Fi connection. However, the overall situation remains the same.
Staying safe online requires constant vigilance. To protect yourself, you must:
- Educate yourself on what is out there. You did that one. Good job.
- Keep your firewalls up to date. Virus protection software won’t do you much good in situations where you voluntarily hand over your private information. However, these tools can be very effective in situations where someone is trying to gain access to your computer remotely. Keep them up to date. It’s easy, and it can have an enormous impact. At work, your IT department can help walk you through the steps you need to take to keep your computer as safe as possible.
- Learn to be distrustful. Your parents may have raised you to see the good in everyone, but that doesn’t apply to your email folder. When something suspect comes along, you should treat it like a scam until you can determine beyond any shadow of a doubt that it isn’t one.
- Independently verify questionable communications. We touched on this one but it bears repeating because it is the most effective tactic against virtually any social engineering threat. To keep yourself truly safe, use multiple channels to determine the authenticity of an email.
If all of this sounds exhausting, that’s because… it is. Safety always comes with a price. At home, you take time to lock your doors and windows. During Covid, you wore a mask and stood six feet apart in line at the grocery store.
Online, the price is constant vigilance. It can be tedious, but that’s what bad actors are counting on. They want you to get lazy and slip up. Don’t do it.