With threats like ransomware making headlines frequently (first with the WannaCry bug and then various infrastructure attacks in the EU), many of us are worried about cybersecurity.
Malware evolves constantly, looking for ways to bypass security methods. One strategy in particular deals with social engineering.
If you’re not familiar with social engineering, it’s a simple but devious concept. Essentially, third parties attempt to bypass security or access your information by disguising themselves as a friendly proxy. It’s called “social engineering” because external threats utilize information they discover about you – friends, family, contacts, etc. – and craft a fake message based on that.
Here’s an example:
You might one day get an email from a bank account which says an unauthorized transaction was made. You open the email, slightly panicked, and at first glance everything looks official. You click the link inside the email and surprise! Turns out this was a malicious message.
How could this be? Everything looked correct. Or did it?
Going back, the email does indeed look pretty official. Even the sender’s address seems correct. But, these are cleverly laid out traps meant to bypass the best line of defense: personal scrutiny.
This scenario certainly sounds scary. Hackers are able to mimic messages from verified accounts without detection? How can you catch that?
Fortunately, despite how clever aspects of social engineering are, there are numerous shortcomings and ways to protect yourself if you ever encounter a slightly suspicious message. For one, while these emails can often look precisely like an official email, what with official logo, footer text, and sender address, they’re often littered with flaws.
The first are small errors, like spelling, random changes in font style, and bad grammar. You might notice, suddenly, a line of text changes to the color blue. Or a sentence starts without capitalization. These tiny tidbits are dead giveaways because official emails are often sent by bots. Nothing is going to contain errors.
Then there’s the link. Perhaps the message you receive is from a friend’s email address, and, trusting this, you click on it. The message, however, might look bizarre and contain a link to click on. This is usually a huge red flag, especially when dealing with sources of personal information. Any time a message asks you to click on a link, it’s a sign someone might be after your info.
Again, with the engineered bank email, let’s say you do click on the link. From there, you’re prompted to put in your login information. However, the page you’re doing it on doesn’t seem familiar. The cautious mind might notice the Web address looks completely wrong, and as it turns out, this login area is actually just you giving away your information.
It’s quite alarming, isn’t it? The thing to remember is that social engineering uses your own information against you, and that catching these threats requires an extra level of care. Always be suspicious when unverified claims are made about transactions, hacks, or exploits. Official companies will often call, text, or alert you if there are major problems with your account.