Social engineering is a type of attack used to access organizations, frameworks, networks, or actual areas, or for monetary benefit by utilizing human psychology, rather than utilizing specialized hacking strategies/ traditional hacking methods. It depends on social collaboration to control individuals into bypassing security best practices.
You can say that after the second world war, coronavirus is the most dangerous and life-changing event in human history. Cybercriminals are taking this covid-19 as one of their new playgrounds. They are looking at this pandemic situation in a very different way than general people, these cybercriminals are opportunists, and they use all the available social engineering tactics to exploit general people using COVID-19 as a pretext to attract their victim’s attention.
As this pandemic made people lock themselves into their homes, the only way of communication is now digital. Everyone is now more connected to the internet than ever in history. The number of users is swelling and so the number of cybercrimes. According to the Economist, The Internet Crime Complaint Centre at America’s Federal Bureau of Investigation (FBI) shared a report that by June 2020, the number of cybercrime has increased by 75% since the start of the pandemic and from when the people started working from home. In addition to this, the number of complaints received in 2020 had exceeded the total for 2019.
Cybercriminals are using more updated techniques and tools and boosting their attacks at an enormous speed. The cybercriminals are taking advantage of the pandemic situation and exploiting the general people’s anxiety, fear, and lack of knowledge and awareness through social engineering.
Cybercriminals are exploiting the pandemic via social engineering in the following ways
Covid-19 Websites: Everyone is looking for answers regarding the virus all over the web, in social media, etc. As people are looking for information so it is a very lucrative field for the criminals to trap them via information regarding Covid-19 without any doubt. So, there is no doubt that hundreds of malicious Covid-19 websites and emails will come to you saying that you can have an exclusive insight into the pandemic here.
Phishing attacks: Phishing Attacks have risen dramatically leveraging the curiosity of people regarding this pandemic. Attackers are using different types of intriguing information along with links to more overview of the situation. As people are constantly getting engaged, their account or their system is getting compromised by this social engineering method.
Deceptive Links: A large number of people are forced to work from home and as many of them are not used to do all the work hustle online, many of them are becoming the victim of cybercriminals’ social engineering trap by clicking manipulative links or responding to voice phishing attacks where callers are manipulated to disclose confidential data without knowing.
Ransomware Embedded Emails: Covid-19 related ransomware attacks are rising alarmingly as people can be easily drawn to information related to this pandemic. As a result, when people are engaging in these ransomware embedded emails, links, website contents, they are becoming victim to social engineering and compromising their accessibility to their digital resources.
The FBI has identified digital protection assaults against the medical care industry since the beginning of the pandemic, for example, email extortion campaigns intended to get donations for non-existent medical services related associations and organizations and fake covid-19 case tracing applications that download malware onto a user’s gadgets.
Prevention and Recovery from Social Engineering Attack
Whether you are working from home or you are running a company, you need to pay attention to the details while interacting on the web. An organization needs to be super cautious in this pandemic and need to make the employees educated regarding the possibilities of becoming a victim of social engineering. Here are some recommendations to prevent and recover from social engineering.
- Restrict Access: While you are working in an organization remotely, you need to restrict access to only those who are needed to operate the system. Because when you restrict the access to your private network to just those members who are working remotely the chances of becoming attacked comes down.
- Two-Factor Authentication: Always use two-factor authentication in all the platforms you use to prevent your digital assets from any social engineering attacks.
- Don’t haste. Slow Down. Attackers will always want you to make decisions as quickly as possible. Because the more time you take to understand the more the chances of exposing the flaws reduce.
If you get messages via email, SMS, or any social media pop-up or a website pop-up, and the message is giving you a sense of urgency to make a decision or giving you something for free or in exchange for a very little amount of money that is too good to be true, slow down and give attention to details and avoid from clicking to those or responding to those messages.
- Always Cross-Check: You always need to be super cautious of any messages from unknown sources. If the messages you received are from a trusted site you used before, or a company you know, or a service provider recently you just had a service from, do your research before engaging yourself to those messages. So to be sure, go to a search engine and look for the real company’s site, cross-check the email id and the phone number.
- Beware of disguises: If someone’s email or device is compromised then the attackers exploit the opportunity to turn the victim’s contact into their new victim. So, if you get an email or text message from one of your contacts which you are not expecting or you are not expecting with a link or an attachment, do check with the person before proceeding to those contents.
- All that glitters is not gold. Do not download anything from a source you are not sure of. If you get an email from an untrusted or unknown source but giving you a download link offering you something for free don’t fall into the trap of social engineering. If you don’t know the sender just avoid downloading the contents. You also need to be careful when downloading any application on your mobile or pc. Because nowadays it’s very normal that attackers use some good value-added application to exploit a victim. From the surface, you may think that you are using a good application but attackers nowadays embed malicious codes and get access into your network or device and then finally take over your system.
- You haven’t won any Lottery! One of the most common social engineering is receiving an email from an unknown person, company, or group stating that you have won a foreign lottery or won a handsome amount of money from a survey, or a little donation for a charity then you can be sure that it’s a scam.
- Never share Personal Info Over the Phone. Always remember that if you get an email or text message asking for your personal and confidential data like your card number, pin, social security number, etc. then it is guaranteed to be a trap of social engineering. Delete any emails or messages that ask for your financial information or passwords.
- Beware of Scam Emails. You may sometimes come by some emails stating that they are responding to you for assistance, offering any help to get some offer, will give you a virtual tour of a real state, giving you free consultancy to get an easy loan, etc. are nothing but a scam. Don’t engage yourself here and do delete these kinds of emails.
- Proper use of Spam Filter: The email service you are using has built-in spam filters. Set the spam filter to high and check the spam folders regularly to see if an authentic email has been accidentally reached there.
- Email Headlines: Be cautious while interacting with emails that contain a subject line related to coronavirus, or any hyperlink, attachments, download links, related to pandemic.
- Learn from the Celebrity Victims. You must have heard about the Twitter attack that happened in this pandemic where celebrities such as Elon Musk, Bill Gates, Jeff Bezos, and Kanye West along with approximately 130 celebrities’ verified accounts were compromised. The attackers got control over 45 accounts. The attackers used these celebrities’ accounts and sent a message on social media asking for $1k worth of Bitcoin and receiving $2k in return. This was a very clever and well-executed scam. So, be aware of any sorts of financial bait you come by whether in social media or via email. Here you can see that even you can be tricked via verified social accounts too.
- Regular App Updates & use of anti-virus: It is always recommended to use anti-virus software, firewalls, email filters, and keep these functional and up-to-date. Update your operating system regularly and to be sure make sure to set automatic updates. If you are using a smartphone then use the updated operating system. Don’t use old versions of the applications because their security protocols are weak and prone to attack.
ARE YOU PREPARED TO SECURE YOUR BUSINESS FROM CYBER ATTACK DURING THIS PENDAMIC?