The Dangers of Social Engineering (+How to Protect Yourself)

Mara Calvello  |  July 15, 2019

On a scale of one to ten, how trusting are you?

If you answered ten, you could be the perfect victim of a social engineering attack. In the world of cyber security, social engineering scams are among the most common, as they prey on people’s trust and willingness to give up their most personal and sensitive information.

Whether you think you’re overly trusting or not, it’s best to be aware of these scams and the ways you can protect yourself from being targeted. To do so, just keep reading.

Social engineering 101

Unsure what social engineering even is? Let’s start with a definition.

Hackers who specialize in social engineering are professionals at manipulating human feelings, like curiosity and fear, in order to carry out cyber attacks. These hackers use psychological manipulation to trick others into making security mistakes or giving up their sensitive and personal information.

Types of social engineering attacks

There are six main types of social engineering attacks that you should be aware of. Let’s break them down in detail so you know what to look out for.

Baiting

Baiting, a form of social engineering, is when a hacker uses a false promise to pique the interest, greed, or curiosity of a victim. They lure and trap their victims, then steal their personal information or expose them to malware.

For instance, let’s say you’re in the parking lot at your place of work and you stumble upon a flash drive. You plug it into your laptop and see that it’s titled “Confidential.” As soon as it’s activated on your computer, malware automatically begins to download, infecting your files.

Quid pro quo

Social engineering attacks in the form of quid pro quo involve an exchange of either information or services, and the hackers always make it seem like a fair one.

Let’s say you’re having an issue with your computer and need some tech support. You hand over the login information for your computer, thinking you’re about to receive help. Instead, the scammer takes full control of your computer, loading it with viruses and other malware, and even stealing your personal information to commit identity theft.

Phishing

Phishing is when a hacker obtains information using fraudulent communications targeted directly at an individual. This is usually done through emails that are disguised as coming from a legitimate source, create a sense of urgency, and include a link to a malicious website.

An example of phishing is an email that looks like it is from your bank, requiring a change of password and including a link to do so. The link sends you to a malicious website that steals your personal data and fills your device with viruses.

Vishing

Vishing is the voice version of phishing, hence the name. Instead of using email or text messaging, the scammer uses the phone to trick their victim into handing over personal information.

Scareware

Scareware is when a victim is repeatedly sent false alarms or misleading threats, which are made to look as though the user’s system is infected with malware. This prompts the victim to install software that is supposed to solve the issue, but is typically malware itself.

This is also referred to as deception software, rogue scanner software, or fraudware.

Think of scareware as those pop-up banners that appear when you’re using the internet, saying that your computer may be infected with harmful programs, and you should install a tool to clean up your computer.

Pretexting

This form of social engineering is when a hacker is able to obtain information through a series of well-crafted lies that capture someone’s attention.

Let’s say you’re sent an email saying you’re the beneficiary of a will, and you need to provide some personal information before you can receive your inheritance. By doing so, you’re at risk of giving the hacker access to your bank account, and it’s only a matter of time before they withdraw funds from it.

[Figure: Stages of a Social Engineering Attack]

Preventing social engineering attacks

Now that you know the types and what to look out for, let’s take a look at how you can prevent a social engineering attack.

The first step you should take to protect your data from being hacked is to invest in antivirus software. These tools prevent and detect the presence of malicious software before hackers can do anything detrimental to your device. If you aren’t sure which of these programs is right for you, check out our comprehensive list!

Once this software is installed, there are other things you can do to stay alert. For instance, don’t open any emails or attachments from a suspicious source. Don’t recognize the sender? Hit that delete button right away and definitely don’t open any questionable attachments. Even if the email address looks familiar, addresses can easily be spoofed, and what looks like a trusted source can actually be an attacker.

Next, use multi-factor authentication to protect every single account you log into, whether it’s your bank account or your Twitter profile. Of course, be wary of any offer that sounds too good to be true. Did you get an email saying that you won the latest iPhone or an Italian cruise? Chances are you didn’t, and this is a hacker attempting to lure you into a scam.

I know we live in a fast-paced world, but another way to avoid becoming a victim of social engineering is to take it slow. Those who are targeted are typically moving too quickly to realize there’s a scammer behind that email, text message, or phone call. Take the time to think about whether the message sounds fishy, whether the email address is legitimate, and whether the URL is spelled correctly. Taking these few extra minutes can save you a lot of pain and suffering along the way.

And, when it comes to your business or organization, make sure that employees are provided with top-notch security awareness training software that will help them to better identify malicious content, fraudulent emails, and other scamming attempts.

You can never be too careful

Especially when it comes to keeping your identity or personal information out of the wrong hands. With the amount of time we spend online increasing every day, it’s more important than ever to be aware of the social engineering threats we face. And maybe it’s best if we’re a little less trusting.

Mara Calvello

Mara is a Senior Content Marketing Specialist at G2. In her spare time, she's typically at the gym polishing off a run, reading a book from her overcrowded bookshelf, or right in the middle of a Netflix binge. Obsessions include the Chicago Cubs, Harry Potter, and all of the Italian food imaginable.