Trust me! - OR - What IS social engineering- really???

What is social engineering? 

Let’s find out. 

Let’s start with a game. 

It’s called “Spot the real domain”

- OR - “Spot the spelling mistake”. Your choice. 😀 

We all know that we need to be careful, and to think before we click. 

NOW - 

Let’s see how easy it is to fool the human eye. Here are 2 domains:

 1. www.publishing.com

 2. www.pubIishing.com

Can you see the spelling difference(s) in these 2 domains? 

Look closer. The differences exist, I assure you. 

Hint: look at the “l” in each name.

  • 1 uses a lower-case l, as it should.
  • 2 uses an upper-case letter i instead.

Now do you see the difference? No? It's really hard to see on a screen, in small font, while you are - for example - checking your email (which is why it works so well).

Let's make the print larger - that should make it easier. ⬇️

Did you spot the difference? No?

You're not alone.

This is the easiest way for criminals to fool you.

Social engineering — It’s your job to be aware. It's your job to set an example by checking before clicking, to implement a security education program, and to keep both company data and personal information safe.

?????? But HOW ??????


What is Social Engineering? 

Social engineering is the manipulation of people in order to get information. 

That's it, in a nutshell.

For example -

Let's say a criminal sends the same email to 1000 email addresses (or 100k, or 1M). If the criminal can trick you into clicking on a link in this email, and this link gives them access to your email account - then at this point they don’t need to break into your company’s system in order to send emails, download your contact list - OR change your password.

Do you see how you can be manipulated into giving out your information?

Criminals prey on our human tendency to trust what is familiar - and when we combine “trust” with: helpful, efficient, short on time, lack of tech knowledge, scared (“Help me, I’m in jail in a foreign country!”)…

It becomes easy to see how social engineering can be used effectively against us.

Once a criminal understands what motivates you to take action, they use that knowledge mercilessly.

 

Social engineering is accomplished - 

  • Online (email, social media, websites, and more)
  • In person
  • Over the telephone...

Through any type of interaction with you.

Not only can social engineering attack both your personal and business access, it can also use known faults, in specific platforms or products, to greatest advantage. Let's check that out next...


Let’s keep the conversation going!

 

📣 Share this with your network or a friend! 

✅ Leave a comment - Send a DM! 

 

Let’s Keep Cyber Criminals Unemployed!


⭐️ Stay safe! ⭐️


Originally published at https://www.linkedin.com.