How to Stay Safe From Social Engineering Attacks in 2017

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
In my six years of experience as a Cyber Security Researcher at Secret to Success & EHC, I have seen social engineering as the easiest and most effective way for any attacker to go through your personal information and use it in a notorious way. It's very easy for anyone to trick you into installing a keylogger that steals your passwords, to get you to download malware that lets them use your systems remotely, or to scam you into giving away your personal information. These have always been the best ways to get access to your financial records, your email accounts, or information that can be used to steal your identity.

Hackers have always been more sophisticated, and it's very difficult to find ways to stay protected from such real threats. Here are a few of the best measures to ensure your accounts and personal data stay safe.

Phone Call Attacks: 

Be careful with your phone calls: as useful as the phone is to you, it is even more useful to an attacker who wants your data. It's 2017 and you need to be more careful with your phone calls. Unwanted calls should always be avoided, so if you receive a call from a number you don't recognize, you can simply not answer.

If it's something important, you will surely get a message or be contacted by other means. If you answer and someone claims to be from customer support, beware of customer support scams and confirm with the company they claim to be from.

Email Attacks:

Email is a treasure island for phishing attacks, MIM attacks, social engineering attacks, malware attacks and all other sorts of attacks. Phishing is the easiest way to steal the passwords to your different accounts. While we always suggest that our readers use different passwords for all their accounts, we've noticed people using one common password for all of them. This is why phishing can be the easiest way to get control over your online presence: the attacker only needs your single password.
You can protect yourself from email attacks by not clicking links or downloading attachments you receive by email from people you don't know or trust. Even if an email is from someone you know, double-check the URL or attachment and verify with the sender.

Storage Device Attacks:

In our research conducted in Mumbai, we found people willing to use a media storage device randomly found in a public place. While it's very normal for anyone to be happy to find such a device lying on the street or in a public place, we have seen attackers play on that greed to hand their prey malware such as Trojans through such storage.

Social Media Attacks:

Social engineering depends largely on playing with a person's emotions more than on actual passive attacks. It's very common for an attacker to scan your social media profile to find your personal information. Social media is a gold mine for an attacker looking for your personal and professional information. If an attacker succeeds in finding your email address, he can now use it to send you phishing links or malware by email.
Make sure your social media profile is as private as possible, as your privacy is always most important. Make your posts available to friends and family only. Also be careful with the requests and messages you receive on social media.

Website Attacks:

Always be careful with the links of the websites you visit. Well-furbished phishing pages are the best way to succeed in social engineering attacks. Attackers know how to con you with the look of your favorite site, and they also know how to make you visit their site.
You can stay protected from all such attacks by having a careful look at the URL of the site you are visiting. Be careful with misspellings like (http://www.ethicalhackrsclb.in) in the URL and check to make sure it's the right domain (.in, .com, .org, .net, etc.).
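The URL check described above can be automated. This is an added example, not code from the original post: it compares a link's hostname against an allowlist and flags misspellings, wrong domain endings, and a trusted name buried inside another site's address. The allowlist entries, including `ethicalhackersclub.in` as the intended spelling of the misspelled URL above, and the `max_typos` threshold are assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist (constructed): sites the reader really means to visit.
TRUSTED = {"ethicalhackersclub.in", "example.com"}

def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED, max_typos=2):
    """Return (verdict, trusted domain it matches or resembles, or None)."""
    if "://" not in url:
        url = "//" + url                      # let urlsplit see a bare host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return ("invalid", None)
    for good in sorted(trusted):
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Simplification: the TLD is the last label (ignores suffixes like co.in).
    name, _, tld = host.rpartition(".")
    for good in sorted(trusted):
        gname, _, gtld = good.rpartition(".")
        if host.startswith(good + "."):       # example.com.login.test
            return ("embedded", good)
        if name == gname and tld != gtld:     # right name, wrong domain ending
            return ("wrong-tld", good)
        if 0 < edit_distance(name, gname) <= max_typos:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for u in ["http://www.ethicalhackrsclb.in", "https://ethicalhackersclub.com/login",
              "https://example.com.login.test/", "https://mail.example.com/"]:
        print(u, "->", check_url(u))
```

An "unknown" verdict only means the host resembles nothing on the allowlist; it says nothing about whether the site is safe.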

Be careful with your needs and greeds, as social engineering often targets those who are seeking something, such as dating or a job. If you find something that's too good to be believed, it may be. Ensure that the listing is genuine by going to the company's official website, and also verify that the person who posted the listing is legitimate.

Attacks in Person:

Attackers are getting more aggressive in their approach, and social engineering has quickly moved from digital to in-person approaches. Be wary of people asking for your sensitive information outside digital platforms. Even if it seems harmless, there could be a Ricky Bahl waiting to use the apparently harmless information to gain access to your accounts.
For example, your birth location, your mother's maiden name, the name of your favorite pet, your best friend's name, or your son's birthday could all be security questions that you've set on your different accounts and don't even remember, and that a person could use to try to get in and change your password.
We always suggest you use Two-Step Verification wherever possible. It's the best protection available for your online presence.

Finally, the most important tip: always be on the lookout for someone trying to influence you into giving away your information. Don't offer any personal information to someone asking for it. If you get a call, an email or an in-person request for information, verify its authenticity. And always remember: no company requires your password.