ESG: No Longer A Fad, But A Fundamental Shift ML60/24 | Page 88

Social Engineering

Social Engineering: How You Get Scammed Online

By Murithi Magiri
Did you know that the majority of cyber breaches are caused by human error?
Every now and then you will see someone online screaming about their social media accounts like Facebook and Twitter, or messaging platforms like WhatsApp and Telegram, having been hacked. In organizations of different sizes and varied industries it is common to hear of compromised email accounts and ransomware attacks leading to reputational damage, financial loss and blackmail, among others. How does it happen? How do attackers gain access to user accounts and consequently to information and systems?
Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system, rather than breaking in or using technical cracking techniques. In most cases the attacker never comes face-to-face with the victim. It has also been defined as "any act that influences a person to take an action that may or may not be in their best interests." Social engineering accounts for up to 90% of the attacks. Why is it that hackers exploit this to the maximum? It has to be because of success rates.
When people think of cybersecurity, they almost always think of firewalls, anti-malware and patch management solutions. These are controls that define a solid cyber security fabric. But they do not take people's habits, emotions and state of mind into account. Human beings are habitual creatures and often vain in pursuits. We are so used to certain things in our life that when faced with them, we don't think twice before acting on them. As an example: we are aware that there are a lot of attempts by hackers to compromise social media accounts, so if you receive an email from your preferred social media site saying that there was an attempt to break into your account, or an email asking you to review your account's security settings, you will most likely click on the link and log into your account to check what's going on. A hacker will use this against a victim; all they need to do is swap a real link with a malicious one that has the look and feel of the real one. Hackers are as opportunistic as they come.
Hackers use different social engineering tactics and techniques, with the most common ones being phishing and malware attacks. Phishing is a significant problem for many organizations, as attackers often use deceptive tactics to trick people into revealing sensitive information like passwords or financial details. According to research in different African countries by KnowBe4, arguably the world's largest integrated security awareness platform, nearly 40% of respondents have fallen for an online scam, 33% have come across one, 19% have never fallen for a scam, while 8% did not know what it is. Most of the respondents fell victim to financial scams, followed closely by investment scams and crypto scams that caught 29% of respondents. Most of those who were successfully scammed, 53%, were convinced the offer was legitimate because the website looked real. Are we that gullible? Not really.
With the emergence of Artificial Intelligence (AI), cybercriminals are getting more sophisticated and more alluring to their victims. The key is to understand what these threats are and how they have evolved, so people can protect themselves from the costly and negative impacts.
Organizations therefore ought to allocate more resources and time for user awareness and training. Individuals also have to be aware that, apart from phishing, the rule of thumb is that there are no free lunches, and more so on the internet.
The "devil" lies in the games and puzzles we play and the apps we download online. Therefore, we ought to have all hands on deck, always vigilant and careful while connecting digitally to the internet, be it for work, financial transactions, social networking, playing games or research.
Remember, social engineering attacks are premised on your errors of commission and omission. The hazmat suit for social engineering attacks is to do the right thing at all times and to embrace the zero-trust clarion call.
Murithi Magiri is the Lead IT Consultant at Magtech Solutions. You can commune with him via email at: Solutions@magtech.co.ke