Social Engineering is becoming far more prevalent in recent years. The attacker can target a large number of individuals for a generic offer or a smaller subset of individuals with a very specific approach tailored on a per-person basis.
The key difference between technical exploitation and social engineering is that, besides training, it is difficult to find a clear mechanism to significantly reduce the risk of an individual being susceptible. Social engineering is on a case-by-case basis and can drastically change in complexity depending on the scenario. The article this week will highlight high-risk areas and provide initial resolution steps if you encounter these:
1. Offers, schemes or investments – Draws an individual in over a longer duration. Slowly takes advantage of them for a higher pay-out.
Resolution: Avoid temptation to be immediately drawn in. Use the classic ‘sleep on it’ method. If it seems to good to be true, or you aren’t certain on the origin of the offer, decline.
2. Outstanding payments – Used by exploiting fear, debt collection or warning notices target those who will immediately pay without questioning further.
Resolution: Creditors have guidelines to work within. If you are being pressured, do not react and report it to the relevant professional body.
3. Impersonation – More crafted attack which involves full identity theft and charisma to draw out a longer exploitation for a high pay-out.
Resolution: Keep your paper-trail and digital footprint small. Remove when you no longer use them. Avoid leaving masses of personal information exposed to identity thieves.
4. Rewards – These are often considered high failure rate and are very easy to spot at the first instance. They target a large audience and rely almost exclusively on volume.
Resolution: Ignore all rewards unless released from an official body. The ‘too good to be true’ rule applies here.