Defending against Social Engineering

Social Engineering attacks come in the form of either a familiar face to gain your trust, or anonymously to arouse your curiosity. The social engineer can work out his plans by involving people from normal walks of life or by creating regular situations or websites which look authentic to trap you unaware. So how can you remain alert and defend yourself from social engineering attack? Here are a few ideas...

 

Be informed and well educated: understand the dynamics of how social engineers work and be alert at home and in the workplace. Speaking recently to Qatar Tribune, Nader Herein, BlackBerry's Regional Director of Product Security, Middle East and North Africa, identified education as a key factor in strengthening cyber security and cyber-attacks. So whenever possible, attend training regarding security and comply with the official/school/institutional policies to be safe.

Be hyper vigilant: Be it school, home, malls, office, banks or on the Internet – be alert. Be aware of the surroundings especially in public places. Social engineers know that people instinctively want to help people in need, so if someone asks for help but expects certain personal or confidential information, be alert. Take time to reply or decide when you are put under pressure (face-to-face/telephone/Internet communication) by the person to reply or give information. If necessary stick to your opinion of not wanting to share the details, if you feel uncomfortable. Even at the risk of appearing ‘stupid, ‘ask uncomfortable questions like why they need the information and check if they really need it or not. It is better to appear stupid rather than be proved wrong in the end.

Update software regularly: Social engineers seek to determine if you are using outdated software so that they can exploit the situation. According to Chris Hadnagy, cofounder of Social-Engineer.org and operations manager at security training and tools firm Offensive Security, a lot of information that is leaked will not be damaging if one regularly keeps the software updated.

Regularly install upgraded antivirus software to the system and scan emails and attachments before opening them.

Foolproof storing and discarding: Since social engineers scan through every possible bit of information that is available, it is important that one should store personal information away from prying eyes. Always memorize passwords and pin numbers, never write them on notes or paper slips which could be stolen. Remember to shred notes, letters or envelopes having personal information before discarding them – people go through the trash looking for just this type of information (dumpster diving).

Know the pitfalls of greed and curiosity: Most scams are a result of people falling prey to social engineering attacks that appeal to the curiosity and greed of a person. A link that allows free limited downloads of the latest software/movie/song etc. if one shares some personal details. A click on an unknown link or opening/downloading an email/attachment with an appealing title is enough to compromise the system giving the intruder full access to all the details on the system. 

Comments
Leave a Comment