Social Engineering? What is that?

Don’t be a Puppet for the Bad Guy!

In basic terms, social engineering is when a person does nothing more than ask you questions and gets the answers needed to gain access to your accounts. Without realizing it, you can give crucial information to an attacker while just talking to them.

An example of social engineering over the phone: “the gas company” calls and says there is an issue with the billing on your account. They give you some simple verification information (the name of the local company, your name and address, maybe even the balance due) and then start to request vital information, such as Social Security numbers, payment information, etc. If you give them this crucial information, the attackers now have it and can use it however they wish.

Another example is on social media: you get one of those random friend requests, and after some time the requester starts asking you questions, slowly getting more detailed. For social media, you should always verify that you know the person before adding them. When you friend someone, you release a lot of identifying data. Would you want to possibly give your address away to a stranger? Your phone number?

These same sorts of situations can happen with callers claiming to be from places such as the IRS, financial institutions, and more. You should never give information away unless you are 100% sure you are speaking with who you should be. If you feel the need, you always have the right to end the call and call back at a known number for whoever is claiming to be contacting you, to verify.

Social engineering can happen over the phone, on social media, through the mail, by email, and even in everyday life.

 

How do I protect myself from Social Engineering?
  1. Never give out identifying information over the phone unless you have verified that the person you are speaking with is genuine.
  2. Make sure you don’t give out excess information. Does what they are requesting match what they would need? For example, the IRS doesn’t need a copy of your computer’s password.
  3. If needed, end the call and verify the contact by calling back at a known good number. For example, if your “credit card company” calls asking for info, call them back at the phone number listed on the back of your card and speak to them.

 

All in all, make sure you verify every “information transaction”. Verify what is needed and who is requesting it, and remember: don’t be a puppet for the bad guy!