Understanding Social Engineered Phishing Attacks

Cyber security does not begin and end online. Many people are surprised to find that social engineering and real world attackers are extremely common. This is a part of cyber security that most people don’t ever think about. 

Here are some ways that people are using social engineering and other real world attacks to get access to your important data.

Social Media Threats

We are all told to be careful about what we post on social media. However, this is usually about keeping your professional and personal life separate. There is not enough discussion about disclosure of personal data.

When someone executes a social engineered attack it is done by collecting data that you can often find online.

Some of the answers to the most common security questions can be found by reverse engineering information from social media.

People post about pets they’ve had and their names or post about the schools they went to when they were younger. Maybe there is a photo of you with your first car.

Things like:

  • Pets names
  • Teachers names
  • Makes and models of car
  • Streets you’ve lived on
  • Mothers maiden name

All of this and more is commonly found online, while also being some of the most common security questions out there.

It could only take an attacker a bit of time to find answers to many of these questions for many people. If they can get the answers to these questions then they can get access to your account.

This is why it’s so critical to be careful about what you post and how many people have access to your social media. It can be easy to reveal too much and put yourself in danger. 

Other Digital Social Engineering

There are other phishing tactics that don’t use social media directly. People who may seem like strangers might be targeting you directly to get information.

Dating apps, jobs offers, chat rooms, and more can be used to extract data.

Be careful who you are talking with and how much information you reveal. What may seem like innocent conversation at the start could actually be a way to get you to reveal too much. 

We do not say this to make anyone paranoid. However, it is more about staying vigilant.

Pay attention to questions that may seem too specific or lines of questioning that you feel may be trying to lead you something.

Social engineering, when done correctly, can be hard to find. It’s just about being alert and staying away of the dangers you might find.

Real World Attacks

Imagine that you are walking around the city and see a flash drive on the ground 

Do you pick it up and plug it in to see what’s on it?

Many people do, and attackers know that. It is not uncommon for someone to leave a piece of hardware that is loaded with a malware installed that is just waiting for an unsuspecting person to plug it in.

Curiosity killed the cat.

Technology is not always innocent. It can be very tempting to see what’s on a hard drive or plug in a SIM Card that you found lying around.

There is a good chance that it is harmless, but there is also a chance that there is a program installed that can steal everything.

It may sound like science fiction, but SimSwap attacks and USB devices are commonly used to extract personal data.

Protecting yourself from cyber security threats is not just about installing good antivirus. It’s about taking the steps every day to ensure your own safety.

Think about your digital security like personal safety. Be on alert to protect yourself. You don’t know what threats might be lurking right around the corner.