One of the most common means through which people get hacked these days is through social engineering.
Knowing fully well that humans are the weakest link in the cybersecurity chain. Most cyberattacks today are designed to leverage human weakness in their delivery.
Despite the amount of security apparatus put in place for your system or endpoints. If the people using it are not following good cybersecurity hygiene necessary for its protection, it will still be hacked.
So, there is no reason using a bulletproof door for your house when you will open the door to anyone that knocks claiming to be your neighbor or friend.
What is Social Engineering?
Social Engineering is the act of manipulating or tricking people into lowering their security guard or into making security mistakes that exposes their confidential information to an unauthorized person.
One thing that made social engineering so powerful is that it doesn’t only rely on human psychological weakness alone. It also taps into our technical ignorance too.
This makes it a very powerful tool in the hands of attackers and that is why we should talk about it.
6 Countermeasures For Social Engineering
1. Always Verify Website Address Before You Type In Your Login Credentials
One thing attackers do is create a clone or a resemblance of a website login page using a social engineering tool kit; it might be a bank or social media website.
Then they will send out the link to such websites to innocent users who might end up typing in their Login credentials to such websites without checking.
Once you type in your Login credentials in such a hoax website; the details will be sent to the attacker remotely as you will then be redirected to the genuine website. Most times you won’t even notice that your account has been hacked.
So, it is very important you learn to always check the address bar of your browser or the website address to know if there is a warning that the web address is not secure or whether the website address is the right one.
This is very important. Don’t ever assume because the web page looks exactly like your Facebook login page or your bank online login page and type in your details without checking.
Whenever you want to visit an official website. Make sure you typed the website address yourself correctly, or better still, confirm the address before you start typing the login credentials.
Hackers use different means to deliver the hoax website to their victims. Sometimes it might be through a pop-up window on the victim’s browser or device, embedded link in an email, chats, posts, or through a redirect from a genuine website.
So, be very careful whenever you are on the Login page of a website.
Related Post: Three Reasons Why We Fall For Internet Scammers
2. Avoid Downloading Files Attachment From an Unknown Source or Opening Strange Files to Know What is Inside.
Be mindful of how you download email attachments from an unknown or unsolicited source. Whenever you don’t trust or know the sender of an email, it is better to delete it than click around on it to know what is inside.
Learn also to turn off auto file downloads on every application you use. Always delete strange files or applications you see on your device that you can’t remember downloading and are not your device resources.
Reason being that Malware can be transmitted to you through such files. Opening a file to know what is inside is enough to land you to a ransomware attack and to spyware or Trojan attack.
3. Don’t Give in to Fearful or Enticing Bogus Alerts.
How will you react if you get a call from a stranger who claims to be from your bank? This time, the caller is not only claiming but is also giving you some correct facts as related to your bank account. The caller, after proving to you the most correct information he or she has about you, is now requesting your ATM card details in order to help protect you from an attack that might happen to your account.
The scenario above is an example of a fearful, bogus alert. Due to fear, the victim might end up giving in to such a trick.
Aside from through phone calls, another way you can get such attacks is through an email, SMS, or through device or browser pop-ups.
There will be times when a pop-up alert will appear from nowhere on your device; such an alert might indicate that your device has been infected with malware or virus. The alert will always give you a link to download an antivirus to delete such a threat.
Please learn never to click on such links. If you need an antivirus, download it from a genuine antivirus vendor yourself.
You might also receive an email claiming to be from your bank or social media application vendor that your account has been hacked or is about o be hacked. Such an email will always come with a link you can click to resolve the issue.
Never click on such a link except you confirmed the email from your bank truly. You can as well login directly to your online account to confirm the scenario.
This doesn’t only stop at bad bogus alert. There may be a time you will receive a bogus alert that you have won a lottery or that your bank or country is doing cash give away. Please don’t click a link that comes with such an alert without confirming or verifying.
4. Don’t Ever Assume You Know the Person at the Other Side Of a Phone Call, a Chat, or an Email Conversation.
That the voice sounds like your boss’s voice doesn’t make the person your boss.
That the email came through your boss or friend’s email address does not also mean it is them that sent it.
If you believe that people’s email or device can be hacked or stolen; you should be careful before you obey requests that come from them through the medium.
Don’t blindly obey instructions because it came from a trusted medium over the wire. Make sure to do your confirmation or verification before you fulfill such an order.
Business email compromise has become one way many big companies get hacked.
Remember not to verify people using the same medium they used in contacting you.
If you receive an email from your boss to make a money transfer to an account. It should be part of your company policy to call to verify.
Even if it is a friendly transaction or pending transaction, don’t ever believe the person continuing the chat with you is still the same person.
You should learn never to trust what you are not seeing or have not confirmed.
Related Post: Online Security-Five Common Internet Mistakes You Should Avoid
5. Don’t Receive Online Technical or Customer Support You Didn’t Solicit For
If you suddenly receive an unsolicited support email or phone call that your device or bank account is having an issue, and the sender is trying to offer you help remotely. Please avoid following such instructions except if you know what you are doing.
It is advisable you visit the affected company if they are close by or call their genuine customer care line to verify if there is a thing like that.
This might not be only about technical support due to device damage or defect. It might be a support to help make your social media handles a money-making machine. Whatever support it might be, before you start receiving it remotely, browse or call the company directly to know if there is a thing like that going on.
6. Learn to Slow Down Before Responding Through Clicks or Payment
Don’t click on every link that is beckoning on you to click.
Whenever ever you want to click on a Link out of fear, please slow down.
In situations where you are anxious or curious to click just to know more, please slow down too. This is applicable irrespective of where the link is coming from.
Whenever it’s too good to be true, please slow down too.
Always verify and never trust.
Related Post: How You Get Hacked- Basic Cybersecurity
Additional Tips
It is also advisable that you use mail box filter to direct mails to their respective folder. Filtering your mail inbox will help you to detect phishing mails as they arrive. If you are using Google mail there is a mail filter feature. Read the related post below:
Related Post: Two Built-in Gmail Features That makes Your Emails Management Simple And Time Saving
Learn also to turn on multifactor authentication in all of your online accounts that have it enabled.
Very educative post sir. Thank you sir..