Social Engineering Hacking - What it is and How to prevent it
Social engineering hacking is where an individual tricks someone into giving personal and sensitive information. For example, this could be confidential work information, plans, or even financial information used to commit fraud.
You’re probably wondering: what’s the difference between regular hacking and social engineering? Whilst hacking is more focused on a direct entry point to the information e.g. creating a breach, social engineering hacking involves manipulating others’ to obtain the information.
There are many different forms of social engineering hacks, these include baiting, email hacking and spamming, phishing, and more.
This article will first explain these different types of social engineering hacks, followed up with some actionable tips on how to prevent this from happening to you or your business.
Baiting (enticing others to give up information)
Baiting is a classic form of social engineering hacking. This method is reliant on others falling for the ‘bait’, whether this is clicking a link which grants them access to your files, the all too familiar “you have won £1,000” email, or physical bait such as leaving documents lying around for others to intentionally find.
Email hacking and spamming
Email hacking overlaps with baiting ever so slightly. We’ve all received spam at one time or another, often from an unknown account. Most of us are smart enough not to open or follow the instructions included within the email, however, some fall for this trap. The consequences of this vary, but usually include some form of virus or hack, allowing the hacker access to your contacts or files in some form or another.
Likewise, a hacker may compromise a well-known account, perhaps a work-colleague and pose as this person. As this is someone you trust, you are more likely to open a link from this person than a spammy account.
This is a common form of social engineering hacking, with this getting worse each year.
The final type of social engineering hacking we will discuss is phishing. Phishing is one of the most well-known forms of hacking and fraud.
Phishing also closely links to the other forms of social engineering hacking, however, this is specifically focused on luring people in to steal information.
For example, a hacker may send an email posing as your local authorities, perhaps paired with a threat should you not cooperate with their demands. These demands may be something as simple as providing your credit card details to pay an overdue bill.
Many, many small businesses fall for phishing scams. Often, these can be all too convincing, with smart hackers and social engineering on the rise.
So, how do you prevent this?
Check the sources of all domains within your emails
If receiving an email from someone or a corporation that you don’t know, it’s paramount to check the domain link before clicking. This ensures it’s from a trusted source, providing you peace of mind that the email is legit and will not cause harm to you or your business.
You can do this by using sites such as urlvoid.com, entering the domain name for the site to check it’s reputation (whether or not it’s malicious and safe to open). Using a site like this adds an extra layer of protection between you and the site, and is much safer than clicking the link yourself.
Likewise, you can also check the reply address to the email. This allows you to see who is sending the email and is a great way to spot scammers. Double clicking an email message should open this in an expanded window, toward the top of the page the email address should now be visible.
For example, let’s say the email is claiming to be your bank - if the reply address is a personal email then it’s safe to say it’s a scam.
Filter out junk emails
As previously mentioned, many social engineering hacks utilise email to prey on vulnerable people or employees.
To protect them, and your business, consider installing anti-spam software for your email services. Programs such as MailWasher and SpamTitan are popular choices, reducing the chances of these malicious emails reaching you in the first place.
Your email server likely already has a spam filter. However, the occasional malicious email can break through this. If this is happening regularly, it could be time to upgrade the filters, providing an extra layer of protection between you and social engineering hackers.
Regularly update your antivirus software to increase protection
Firstly, if you or your business does not have anti-virus software, this should be downloaded immediately. Anti-virus software is essential to protect your employees personal and financial information, alongside the businesses.
There are many different types of ant-virus software, with two of the most popular being Norton Security and AVG.
However, having the software installed isn’t enough. Ensure the software is regularly up to date, providing you with the latest patches, fixes, and most up-to-date security in-line with new and developing social engineering hacking methods.
Your software may update automatically, but it’s worth checking weekly whether or not it’s up-to-date. This can be done by opening the software and looking for the “look for updates” or “install updates” button. This is often clear and simple to find, however, many users overlook the importance of keeping it up to date.
If you’re unsure check with another source before giving away any information
Remember, very few, if any people will ask for your card details or other financial or personal information on the phone or via email. Your bank won’t even ask for your pin, nor should you give these details to the police.
If you’re unsure whether or not something is true, if it really is the bank emailing you, always check with the source first. In this instance, you would want to get in touch with the bank, informing them of the potential “scam” and asking for verification in regards to whether or not it’s legit.
The more thorough you are with this, the tighter your security and the less likely you are to fall victim of social engineering hacking.