People often become victims of online scams and other malicious activity during emergencies such as the COVID-19 pandemic. It becomes easy to scam people because they depend on virtual and electronic channels for information, advice, and solutions. A scammer impersonating a genuine organization like the World Health Organization (WHO) can easily take advantage of this situation by sending emails that look like they came from the WHO.
Online scamming and phishing have risen in the last two months, mainly because social engineering has evolved to penetrate our lives easily.
What is Social Engineering?
Social engineering is the art of manipulating people into giving access to their confidential information. Criminals often trick their victims by posing as a reliable or genuine person.
Although it began as a part of espionage, it saw a dramatic rise with the advent of the internet. In the last 20 years, more people have been blackmailed, scammed, or looted through digital or electronic channels than in the history of mankind.
Social Engineer Inc. defines social engineering as:
"Any act that influences a person to take any action that may or may not be in their best interest."
The reach of social engineering is not limited to scamming. It also extends to gaining access to unauthorized zones, deliberately erasing confidential information, and recruiting agents for foul play, such as the recruitment conducted by the Islamic State.
Some of the popular examples of social engineering are as follows:
- Phishing attacks, in which cybercriminals try to make unsuspecting users click on a malicious link or download a file containing a virus.
- Phone spoofing, or "vishing," can involve being called by a scammer, or a scammer placing a call, in an attempt to glean personally identifying information or reset a password.
- Baiting attacks involve exploiting someone's curiosity to get them to do something an attacker wants, like plugging in a found USB stick that then injects malware into a network.
- Pretexting, named not for sending an SMS message but rather for the act of presenting oneself under a false pretext, involves things like dressing in a delivery service uniform to sneak past guards, or "walking briskly and carrying a clipboard."
- SMS spoofing can also be used to convince smartphone users to call a number set up to harvest data, steal bank account information, etc.
How does Social Engineering affect people during the pandemic?
Here are examples of how social engineering has affected people's lives during the pandemic.
A. Malicious attachments and malware
Sending a malicious attachment by email, or a malicious link over social media, is a common method of digital social engineering. Identifying malicious attachments and malware links is part of every cybersecurity training program, but that training normally takes place in a controlled environment such as the office. Employees are trained to choose the correct action; however, as seen in numerous reports of fake 'health campaigns', people still end up clicking on malicious links or downloading malware onto their computers. Organizations such as the WHO have issued official guidance about the use of social engineering to fool users into clicking on or downloading malicious content. However, during a pandemic people are more likely to believe fake news spread by scammers impersonating genuine organizations, mainly because they rely on digital platforms and electronic channels for information, advice, and solutions.
While working outside a controlled office environment, employees are more likely to interact with scammers. Mistakes made within the organization often let cybercriminals gain access to confidential information or unauthorized areas.
B. Phishing, vishing, and smishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details from users by posing as a trustworthy source. Phishers send an email that appears to come from a trusted source. Once the link in the email is opened, it infects the user's computer or device with malware.
Besides phishing, voice calls (vishing) and SMS messages (smishing) are two other forms of cyberattack used to steal sensitive information. During COVID-19, cyberattackers are finding it easy to steal credentials by convincing employees that they are providing information genuinely required by their business. Attackers often use email addresses or websites that closely resemble those of the business. When the difference is only slight, it is hard for the employee to tell them apart.
C. Remote work and working from home
With businesses under lockdown, many employers are choosing a remote workplace for their employees. However, moving away from the controlled workplace can open doors to attack. It becomes easier for attackers to target a single user.
In a remote workplace, employees often rely on the internet to solve any problem. They rely on voice, text, and other alternative channels such as social media that are unfamiliar in this context, allowing a greater chance of social engineering and impersonation scams.
The IT helpdesk may lift restrictions for employees working from home, which could in turn compromise a great deal of business-related data.
How to Prevent Cyberattacks?
Here are some of the tried and tested methods to prevent cyberattacks.
- Do not open emails and attachments from unknown senders. Look out for suspicious sources by verifying the sender's email and website. The general rule is, if you don't know the sender in question, you don't need to answer the email. Cross-check and confirm the email through other sources, such as by telephone or directly on the service provider's site. Most spoofing and phishing happens through email, so you must take proper precautions.
- Use multifactor authentication. Multifactor authentication, such as using a password and a different device to authenticate the login, can prevent unauthorized access to your email. One of the most valuable pieces of information attackers seek is user credentials. Using multifactor authentication helps ensure your account is safe.
- If someone makes you an offer through email that sounds too enticing, think twice before accepting it. Cyberattackers always want you to click the links mentioned in the email or they may ask you for bank and credit card details. Be wary of this move.
- Keep your antivirus/antimalware software updated. Ensure that you’re using a strong firewall to keep any malware from entering your system.
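The first tip above, verifying the sender's email, can be partly automated. The following Python sketch is an added example, not part of the original article: it flags sender domains that differ only slightly from a trusted one, display names that claim a trusted organization from another domain, and replies routed elsewhere. The trusted list, the edit-distance threshold of 2, and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the reader really corresponds with, mapped to the name
# each organization uses in its display name. who.int is the WHO's domain.
TRUSTED = {"who.int": "world health organization"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw_message):
    """Return a list of warnings about the sender of one raw e-mail message."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if not sender:
        return ["no parsable sender address"]
    warnings = []
    if sender not in TRUSTED:
        for good, brand in TRUSTED.items():
            # Slight difference, or the trusted name embedded in another domain.
            if good in sender or edit_distance(sender, good) <= 2:
                warnings.append(f"{sender} looks like {good} but is not")
            if brand in display:
                warnings.append(f"display name claims '{brand}' but domain is {sender}")
    if reply_to and reply_to != sender:
        warnings.append(f"replies go to {reply_to}, not {sender}")
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = ('From: "World Health Organization" <alerts@wh0.int>\n'
           "Reply-To: collect@mailbox.example\nSubject: Relief fund\n\nbody\n")
EMBEDDED = "From: info@who.int.covid-relief.example\nSubject: Safety\n\nbody\n"
GENUINE = "From: WHO Newsletter <news@who.int>\nSubject: Update\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("embedded", EMBEDDED), ("genuine", GENUINE)]:
        print(name, check_sender(raw))
```

A check like this only inspects header text, so it complements rather than replaces confirming the message through another channel as the tip describes.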
Searchable Design LLC is a premier web development and digital marketing agency in Des Moines.