Social engineering, or the art of deception: yes, you read that correctly. This discipline is far from what we usually associate with the word engineering. Engineering? Aren't engineers the people who design and build things like bridges, airplanes, … or computers?
The truth is that the term has its origin in the social sciences. It refers to the efforts of agents of change, such as the media, governments, or private groups, whose sole purpose is to influence or shape others through manipulation in order to achieve an objective. In many cases that objective is good, as with awareness campaigns; in many others the purposes are less honest.
Therefore, in our day-to-day lives we can see political parties, marketing and advertising experts, or the media making use of social engineering.
What is the use of social engineering in cybersecurity?
Cybercriminals use social engineering techniques to trick their victims into sharing personal information.
Social engineering takes advantage of people’s cognitive biases to achieve its goal, which in the case of cybersecurity is to obtain confidential data.
We can conclude, then, that social engineering rests on the premise that it is easier to manipulate people than machines.
The attack on the victim therefore relies on psychological manipulation techniques, delivered through telephone calls, instant messaging, social networks, email, … The channels are many and varied, and as technology advances, cybercriminals refine these techniques to the point that the victim very often does not realize they are being manipulated. In this way attackers can steal our identity and act on our behalf. But this is not all. Let us look at some of the most commonly used techniques, although there are many more:
Spam in our email is the oldest social engineering technique. Every day, when we open our email client, we see a huge number of unwanted emails, which are quite annoying to begin with and which, in the best of cases, make us waste time deleting them.
But the truth is that the vast majority of these emails are designed to get us to act on them: click an included link, download an attachment, … In this way they can infect us with malware.
The simplest form of cyberattack, but also the most dangerous and effective.
Phishing imitates or impersonates the identity of a person or organization, which makes it more likely that we will click on a link, among other things.
It can reach us via email, by phone (vishing), or via SMS (smishing).
This type of attack is possibly one of the most difficult to detect, since the attackers impersonate another person, both on the internet and social networks and outside of them.
Cybercriminals spy on and investigate the victim to create a story or pretext credible enough to deceive them.
How do we avoid social engineering attacks?
It may surprise you, but the best way to avoid social engineering attacks is to use common sense.
In a world as fast-paced as today's, it is easy to open an email in a rush. So, in addition to configuring our email client well to filter out as much spam as we can, we should spend a few seconds before opening any email making sure that it comes from a reliable source. To protect ourselves, it is best to be suspicious.
Another measure we can adopt, regardless of the operating system we use, is an antivirus, which will help us identify malicious software, among other things.
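Part of the "is this from a reliable source?" check can be done by reading the message headers instead of trusting the name the mail client displays. The following Python code is an added example, not part of the original article; the sample message, the domains and the function names are constructed for illustration, and it assumes the `Authentication-Results` header was written by our own mail server.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration (all names and domains are made up).
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: collect@mailbox.test
To: user@example.org
Subject: Urgent: verify your account
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=examp1e-bank.test; dkim=none

Please confirm your details at the link below.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def sender_warnings(raw_message, trusted_domains):
    """Return the reasons to be suspicious of the claimed sender."""
    msg = message_from_string(raw_message)
    warnings = []

    # 1. Look at the real address, not the display name the mail client shows.
    from_domain = domain_of(msg["From"])
    if from_domain not in trusted_domains:
        warnings.append(f"From domain '{from_domain}' is not a known sender")

    # 2. A reply that would go to a different domain is a common impersonation sign.
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"Reply-To points to '{reply_domain}'")

    # 3. Results of SPF/DKIM/DMARC checks. Assumption: this header was added by
    #    our own mail server; a copy supplied by the sender proves nothing.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in auth:
            warnings.append(f"{check.upper()} did not pass")
    return warnings


if __name__ == "__main__":
    for reason in sender_warnings(SAMPLE, {"example-bank.test"}):
        print("WARNING:", reason)
```

The sample uses a look-alike domain (`examp1e-bank.test` with a digit one) that passes a quick glance at the display name but fails every check here.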
Raising awareness, through training people inside and outside the work environment, is one of the best ways to mitigate social engineering attacks.