The first few weeks of 2024 have not seen any let up in the attempts by criminals to use social engineering to steal personal information or install malicious software on devices. Social engineering may not be a new idea, but it continues to evolve making it important for everyone to remain vigilant. In this article we will be looking at some key points to keep in mind to help you spot and prevent social engineering attacks.

What is social engineering?

To begin with, let’s remind ourselves what a social engineering attack is. Essentially, we are talking about an attempt by scammers to use psychological manipulation to trick individuals into giving away personal or sensitive data or to allow access to their devices and systems.

Common social engineering tactics

There are some ‘go to’ tactics which cyber criminals use in social engineering attacks which you should always keep an eye out for.  First among these is ID spoofing which basically means sending an email or SMS using the name of a trusted organisation. It is therefore imperative that you keep in mind what communications you have consented to receive and through which channels. If you receive an email or an SMS from a company you know but do not recall consenting to receive such communication, get back to the company concerned using another channel to confirm whether if the communication is legitimate.

In addition to ID spoofing, cyber criminals also use urgency as a tactic to push people into giving away important information or allowing access to their devices. Any requests to take immediate action, particularly those asking to confirm or update passwords or relating to any payments are almost certain to be attempts of a social engineering attack. Criminals know that if they put you under pressure or even threaten you with the loss of data or money, you are more likely to act impulsively. Being aware of this tactic and recognising it is key to staying safe online. Remember to never click on any links or download any files unless you are absolutely sure they come from a legitimate source.

If scammers are not using pressure, then it is likely to be a baiting tactic. Rather than scaring you, they will be offering you false rewards. For example, if you receive an SMS or an email congratulating you on winning a lottery you never entered, it’s most probably a scam. The same goes for a deal or an offer that sounds too good to be true. It’s a human trait to be curious or tempted by unexpected good fortune and it is this aspect of our nature that criminals try to exploit. Again, it’s important that you never engage with this type of social engineering attacks. Do not share information, do not click on any links, and do not download any files.

More complex social engineering attacks

While it is relatively straightforward to spot most social engineering attacks once you know what the telltale signs are, more complex and sophisticated attacks are also possible. Pretexting, for example, is a strategy through which scammers build up trust with their targets over time through several messages before making any request for sensitive data. The advances in Artificial Intelligence are also having an impact on social engineering attacks, giving criminals the ability to generate more credible sounding messages in multiple languages and at a greater volume.

Staying safe online

As the threats from social engineering attacks continue to evolve, it’s important to always think before responding to any messages you were not expecting. It’s also vital that you take the necessary precautions to protect your devices. Update your passwords regularly and make them hard to guess, block senders you do not recognise and make sure your operating systems are up to date. It is also wise to have up to date anti-virus protection system installed on your devices. Staying vigilant and taking the right steps to protect your devices will help keep you safe online.