What Is Social Engineering?

Social engineering is the technique of exploiting human weaknesses to gain access to personal information and protected systems. It relies on manipulating humans rather than exploiting the weakness of a software or hardware system. In cyber security, social engineering is performed with the motive of manipulating people into making bad moves, such as providing personal or confidential information that can later be used against the person or an entity. 

How does it work

A primary component of social engineering is playing on the victim’s emotions, mainly fear and greed. The attacker does not want to give the victim time to think rationally; thus, they create a sense of urgency. Thus, the attacker will turn the victim’s willingness to help or need to be helped against them.

Types of social engineering attacks

• Phishing: Usually done through emails that mimic a legitimate entity. The email will instruct the victim about the need to urgently change their password or update their account through the link provided in the email. Unfortunately, the links are fraudulent and have been created by the attacker with the purpose of obtaining the victim’s personal information.

• Baiting: Attackers lure their victims with promises of grand fortunes such as great giveaways, job opportunities, or a way to earn money. Once a victim enters the attacker's link, they are compromised by giving out personal details of negligently installing malware.

• Scareware: Instead of luring the victim with false fortunes, here, the attacker scares the victim into thinking that the device is infected. The victim is then offered a “solution” by the attacker which is to visit their fraudulent link to clean the virus when in reality, it is that link that installs malware.

• Physical interaction: Attackers can leave malware USBs lying around in public, in public charging ports or sockets of which the victim need only physically connect the hardware into their device for the attacker to gain access.

Social engineering with cryptocurrencies and how to protect yourself

Many are lured into the crypto space with the promise of making a “quick buck,” and this type of greed from investors has become a breeding ground for cyber-attackers, especially because of the low regulation around the crypto space. Thus, it is important to manage risk well and to not get caught up in emotions of greed, fear, or Fear Of Missing Out (FOMO). Below are a few ways that rookie investors can protect themselves.

• Educate yourself about cyber security and the crypto space. Additionally, Do Your Own Research (DYOR) on a project before investing.

• Be cautious with unexpected emails and their attachments.

• Avoid giving confidential information.

• Do not repeat passwords for accounts.

• Be careful with the information you share on social media.

• Set spam filters to high.

• Avoid clicking on links or apps that are sketchy or of an unknown source.

• Install trusted anti-virus software.

• Use multifactor authentication, such as two-factor authentication (2FA).