What is social engineering? Sounds serious, doesn’t it?
As a matter of fact, social engineering is a major issue. It’s the topic for Google’s second installment of #NoHacked. In this latest article, Google identifies several types of social engineering as well as offers tips on how to protect yourself.
We at SEO Inc. go a bit more into what social engineering is while highlighting and elaborating on Google’s main points about this hot web security topic.
What is Social Engineering?
Social engineering uses psychological manipulation to get users to give up sensitive information such as passwords and PINs. These are designed to trick you into thinking you’re verifying info with or using a service from a source you trust. This information is then either sold or used to manipulate your accounts.
It’s a term that’s seeing increased use in the realm of IT security. Google has even done a study that showed phishing had a 45% success rate with certain sites.
You may have come across a form of social engineering yourself. Maybe you saw through a malicious site’s attempt to get your information. Whether you have or not, social engineering is everywhere.
Different Types of Social Engineering
Anyone online needs to be wary of the most common social engineering techniques currently plaguing the Internet. Social engineering attacks can come from your email, web browser, or anywhere else you commonly go online.
Phishing is one of the most common social engineering tactics. At first glance, these sites and emails look pretty legit; some might look like sites you use and trust or appear to be from people you know. But careful inspection reveals something slightly off about them. For example, they could have the brand name in the URL but it may not be part of the main domain. This is a sure sign that you’re looking at a phishing site.
Planting malware into out-of-date software or tools is another of the most common types of social engineering techniques. These can stow away in plugins or add-ons that, when activated, steal sensitive information from your site.
What to Watch for
Google recommends two solutions to avoid becoming a victim of social engineering. The first of these is staying vigilant. As long as you’re wary each time you’re asked to input your information, you should be able to tell if the site is real or just trying to trick you.
The second solution is to use 2 step verification, also called two-factor authentication, for your important accounts. We went into this a little in our last blog, which explained how verifying your info using two sources can add extra protection to your accounts. So even if your password is stolen via phishing or some other social engineering means, 2 step verification will stop them from getting in the account.
Now that you’ve learned so much about the different forms of social engineering, it’s up to you to ensure your own protection. The good news is that when it comes to social engineering prevention, it’s all about looking before you leap. The best thing you can do is be wary and watch where you’re putting your information. That’s the first line of defense to thwart any social engineering attempts!