Social engineering & Phishing

What is it?

Social engineering is the practice of manipulating people into giving up personal and confidential information, or into downloading malware or viruses disguised as legitimate software.

Phishing is a form of social engineering. In phishing attacks, criminals pretend to be a trustworthy organization and use websites or web mail to try to obtain personal information. Attackers can use this information to gain access to your accounts.


What Does a Social Engineering Attack Look Like?

Message from a “friend”

With your email password, attackers can control your account. Because they have access to your contacts, they can send emails to all of them or even contact them on social media, asking for money, blackmailing them, etc.

  • They can urgently ask for your help, telling you that your “friend” is in trouble and they “need help”, and asking you to send them money to resolve the situation.
  • Criminals can ask you to donate to their charitable organisation, with all the details about how to transfer the money. They describe a “serious issue” that they are solving and ask for aid or support.
Email from a trusted source

Cyber criminals can imitate a trusted source and give you a reasonable explanation as to why you have to give them your sensitive personal data, such as login credentials, address, bank account number.

  • A phisher can send an email or a text message that appears to come from a legitimate source such as a bank, a university or a reputable company.
  • They often tell you about a problem that requires you to "verify" your account by clicking on a provided link and filling in the form with all your personal information.
  • It can be a notification that you’re a “winner” of a lottery or a game, promising to give you the money once you provide your bank details.


How to protect yourself from these attacks?

  • Do not accept any request for bank information or passwords. If you are asked to reply to a message with personal information, it is most likely a scam.
  • Reject requests for financial help to companies/charities. Legitimate organizations send you messages to ask for help.
  • Set your spam filters to high.
  • Make sure that your operating system updates automatically.
  • Secure your devices by installing firewalls and anti-virus software, and update them regularly.


    Arina Shteyn