What is social engineering? How to protect yourself from online fraud

Social engineering is a key component of various types of fraud. By coming up with convincing lies, criminals exploit their victims through a series of social interactions, with the intent to steal money or to commit other white-collar crimes. As social engineers generally attempt to catch people off-guard, the best form of prevention is vigilance.

Fortunately, this article has you covered, so get ready to learn everything you need to know to defend yourself—both on and offline.

Social engineering is a way for criminals to steal sensitive information without hacking complex security systems. They use an array of manipulation techniques to build trust and deceive unsuspecting individuals. These techniques exploit aspects of human psychology to “engineer” the decision-making process and pressure victims into freely handing over their information—all without realizing that they’re in danger.

First, social engineers develop a convincing storyline to create a false sense of security for their victims. They may impersonate a person of authority, like a policeman or government official. Before the days of the internet, social engineering was mostly conducted through face-to-face interactions—think of Hollywood movies where con-artists gained access to high security buildings thanks to their charm and wit. It’s important to note, however, that social engineers won’t always be pleasant. Many of them choose to adopt forceful, sometimes threatening approaches, which can be highly effective in putting pressure on their victims to act.

In modern times, social engineering has become a serious threat online. It’s easier to send an official-looking email or entice someone to click on a link than it is to dress in an official uniform or try to gain access to a privileged area. Plus, the risks associated with asserting a physical presence are much higher than those for carrying out an attack online.

In any case, regardless of the technique(s) used, the goal of social engineering is to attain unsolicited access to someone for financial gain.

So, how do they do it? Below, you’ll find the most common types of attacks to watch out for online.

Social engineers use this tactic to coerce potential victims into sharing sensitive personal information. To achieve this, they may create a sense of urgency that compels their victims to comply with their demands within a certain time frame. Some, on the other hand, won’t request information from their victims immediately—skilled social engineers often bide their time in order to build trust before attacking.

Unfortunately, there’s no way to anticipate this type of social engineering. The most important thing to remember is that you’re always within your rights to question the identity of individuals claiming to represent organizations of any kind.

Baiting uses the false promise of an irresistible offer to lure people into a trap. Online baiting often takes the form of enticing adverts or ‘too-good-to-be-true’ offers. Imagine a link to download the latest Hollywood blockbuster for free—or a bright, flashy pop-up claiming you’ve won a cash prize.

Phishing is one of the most prevalent fraud types faced by individuals online today. That’s because, following the initial collection of data, successful attempts are often heavily reliant on social engineering practices. Phishing can be preceded or followed by a series of trust-building interactions or ominous threats.

With a quid pro quo, criminals trick victims into handing over sensitive information with a promise of an exchange of some kind. A common approach is that someone contacts you saying they work in a tech support department and claiming they have been asked to fix a problem. When criminals strike it lucky and find someone experiencing actual technical problems, they strike—access the person’s computer, and steal personal information.

What better way to exploit social interaction than communication which appears to be sent from a close friend? Unsurprisingly, this is also a popular choice for fraudsters, who hack email accounts and then spam the person’s contact list. Messages generally contain an eye-catching subject line, such as “Check out this cool website!”—or perhaps they will “link” to popular social media platforms. 

Because they believe that the email was sent from a friend, the recipient may eagerly follow the link. Rather than discovering a funny meme, however, the victim is redirected to a fraudulent website, where they’ll be in danger of downloading malicious software or having their personal information stolen.

Fortunately, although social engineering techniques vary, the countermeasures to fight it are essentially the same. Vigilance is key, as is treating any forms of contact from unknown senders with suspicion. Other ways to protect yourself include:

• Always question the source of emails that request something from you. Pay especially close attention to the sender’s details, and to any URLs that look suspicious.

• If correspondence appears urgent, take your time and don’t let yourself be pressured into taking immediate action. This is one of the most common ways social engineers force people to act first and think later.

• If an offer—online or offline—appears too good to be true, it probably is.

• Protect your devices by using genuine, well-respected antivirus or firewall protection.

• Use multi-factor-authentication (also known as 2-Factor Authentication or 2FA), which uses your smartphone, or another device, along with your password to access your accounts.

• Always double check links sent in emails and, if in doubt, visit the website in question directly by typing the address into your browser, rather than clicking on the link in the email.

• Don’t download files, share personal information, or follow links from unknown senders.

As we mentioned in the beginning of the article, awareness is the best defense against social engineering. Criminals rely on catching their victims off-guard, but armed with this knowledge, you’ll be one step ahead!

Article adapted from: Social Engineering: How to Protect Yourself — N26