Social engineering, the weapon of cybercriminals
What is social engineering? We can define it as the strategies that hackers follow to scam users. They are basically techniques that seek to steal passwords, data or infect systems based on deception. They can use alerts, play fast, say there is a problem and needs to be fixed, etc.
For example we can talk about Phishing, which is one of the most important and dangerous social engineering techniques. An attacker can send an email to a user saying that there is a problem with their Facebook account, Netflix, email, or whatever. It tells you that you have to urgently log in and verify your identity, change some information or something similar.
The problem is that this really is a swindle. The victim, the user who receives that email, actually if he logs in, sends some data or downloads a file, he is doing it from links that are false. It is a social engineering strategy to get hold of the victim’s password or steal some kind of information.
Another social engineering technique is what is known as Farming. In this case, the attacker gradually gains the confidence of the victim. They can contact for example through social networks. The objective is to collect information, data that can later be used against that user. For example, they could threaten to publish personal data, company information, photos, videos …
But social engineering can also come by phone. It is what is known as Vishing. The attacker calls the victim and poses as a legitimate organization, a company that offers him some kind of service. What you are looking for once again is to obtain personal data or sensitive information that you can use.
How to protect ourselves from social engineering attacks
So what can we do to protect ourselves from these types of security threats? Without a doubt the most important thing is the common sense. We must avoid making mistakes that could compromise our data. For example, you never have to log in through a link that reaches us by email, social networks or similar. Also be alert for any strange message, call or website that asks us for information.
It is also essential to have a good antivirus installed, such as Windows Defender, Avast, Bitdefender or anything similar. It is true that by itself it will not protect us from many social engineering attacks, but it could detect malicious files that we download as a result of those attacks, for example. It is important to protect bank accounts and other sensitive services.
We can say something similar about the updates. It is important to have the equipment updated correctly, although by itself it will not protect us from social engineering attacks, it will correct certain vulnerabilities that an attacker could take advantage of.
Therefore, social engineering is a major problem and it is desirable to be protected. They could get to sneak keyloggers without us detecting them, for example.
