The Human Vulnerability: Tips to Avoid Social Scams

Take a minute and think about what the weakest link is when it comes to cyber security. If you thought it was poor security software or hardware, then you are wrong. I am sorry to inform you, but the weakest link in any information system is you. Humans are still the number one vulnerability in any system. The question is: can we “patch” humans to make them less vulnerable?

Background

The results of this year’s Data Breach Investigations Report were problematic, to say the least. According to the report, out of 1616 incidents and 828 breaches, 43% of these breaches occurred due to social attacks. Social attacks involve social engineering, where the would-be hacker attempts to trick a user into willingly giving up their personal information, credentials, and passwords. Education is your strongest weapon to defend yourself from vulnerabilities.

43% of breaches involved social attacks. Source: Verizon Data Breach Investigative Report.

The following is a list of recommendations to ensure that you, your peers, or your employees do not fall victim to social attacks and phishing. Some of these suggestions might seem like common sense, yet because they are so obvious, we are sometimes inclined to let them fly over our heads.

  • Be wary of pretexting

  • Pretexting is a form of social engineering where the scammer attempts to create a believable scenario with the goal of getting a user to perform a particular type of action. An example would be receiving an email from the IRS stating that you owe taxes to the government and demanding some form of payment. Some of these emails might even be personalized with the user's personal information to make them more believable. Always verify these types of emails through another means of communication before committing to anything.

    Pretexting example. Source: udel.edu/threat/2015/10/26/spear-phishers-try-to-use-security-awareness-to-trick-udel-members/

  • Security Software

  • Many anti-malware programs have features that allow them to scan email attachments before they are downloaded. It is important to have some security software installed on your computer, not just to protect yourself from phishing scams but from any cyber security threat. Make sure that your security application is up to date and performing routine scans.

  • Suspicious attachments

  • Be careful when opening attachments from emails. Even when the sender is someone on your contact list, there is no way to tell if they have been infected and are forwarding malicious software. As suggested before, make sure you have security software installed that can scan attachments on your email before your computer becomes infected.

    Fake attachment example. Source: Tom Scott www.twitter.com/tomscott

  • Suspicious Links

  • Just like with attachments, one must be careful with links in the emails one receives. These links could lead to fraudulent websites that can trick you into giving up your credentials and personal information. Furthermore, these sites can run malicious scripts just by being accessed, without you having to do anything. Before clicking on a link, verify that the email is from a trusted sender and, in case the sender has been infected, check the website the link is pointing to.

    Suspicious PayPal redirects to a phishing site. Source: http://www.bustspammers.com

Conclusion

As discussed, there is still hope to patch humans to be less vulnerable to cyber attacks. An educated user base and a set of protocols will help mitigate a number of intrusions from social engineering attacks. However, because cyber attacks are ever changing and evolving to adapt to security measures, one must also keep oneself up to date with the latest security trends.