What is social engineering?
The term “social engineering” refers to methods used to trick you into giving away sensitive information. It can involve psychological manipulation, exploiting trust, or taking advantage of natural tendencies to reveal confidential information.
Social engineering tactics can include impersonation, phishing scams, pretexting, and baiting which can lead to unauthorized access to your personal data, financial information, computer devices, or accounts. By understanding and recognizing the signs of social engineering attempts, you can better protect yourself and your information from potential threats.
Impersonations
One malicious technique in social engineering includes the use of human psychology to get you to provide confidential information or perform actions that may compromise the security of a company or individual. For instance, someone might impersonate a person you trust, such as an employee from the IT department or a helpdesk representative, to trick you into revealing sensitive information, and even download malware.
Phishing Campaigns
Another tactic involves impersonating family members, phone companies, or other businesses, in order to gain access to login credentials or account information.
Perpetrators may pose as family members in online communications to gain your trust to try to trick you to reveal sensitive details. Additionally, perpetrators may personate legitimate phone companies or businesses, using various schemes to trick you to give them login credentials, personal information, or financial data.
SIM Swapping, Call Forwarding, and Simultaneous Ring
Other forms of social engineering include SIM swapping which involves deceiving a mobile carrier to transfer your mobile number to another SIM card controlled by someone else. Card Forwarding can also be used to redirect calls and messages from your number to another phone, allowing unauthorized access to sensitive information. A Simultaneous Ring method can also be used to trick your mobile carrier into having multiple phones reached when your number is dialed. This can lead to your calls being intercepted and compromise your privacy and security.
How to protect yourself
The FBI recommends the following precautions and tips to protect yourself from social engineering:
- Do not reply to calls, emails, or text messages that requests personal information (such as a password, PIN, or any One Time Password sent to your email or phone). If someone is claiming to be a company “representative” and contact you and asks you to provide personal information or to verify your account by providing a code, initiate a new call to that company by dialing the verified customer service line of the company.
- Ensure you have set a unique password for your voicemail on your mobile phone.
- Reach out to your mobile carrier to disable or block SIM card changes, Call Forwarding, and Simultaneous Ring.
- Regularly review your mobile phone provider’s account page to monitor account login history or any changes made.
- Avoid posting personal information online, such as mobile phone number, address, or other personal identifying information.
- Use “strong” passwords that are unique and random, that contain at least sixteen characters and are no more than 64 characters in length. Avoid reusing passwords and disable password “hints.”
Social engineering is a deceptive method used to gain unauthorized access to personal data, financial information, devices, or accounts. It involves tactics like impersonation, phishing, SIM swapping, call forwarding, and simultaneous ring. To protect yourself, avoid sharing personal information, use strong and unique passwords, and be cautious of requests for personal information from unknown sources.
