Social engineering. What is it and how to prevent it?

It is no secret that humans are dependent on technology nowadays, which has advantages and disadvantages. Almost everyone today has a social media account, uses online banking, searches for information on the World Wide Web, uploads important files to online servers, types in personal information online, and simply uses computers and the Internet to complete daily tasks more easily and contact people faster. Smart technologies are designed to protect users’ privacy and allow them to use smart devices and access the Internet without any worries, and sophisticated algorithms and insensate computers do not make mistakes all of a sudden – users can rely on them. However, we constantly hear about growing numbers of successful cyber attacks[1], and it seems that the cybercrime industry is booming. If you think advanced hackers are the ones to blame for these events, you are slightly wrong. Surprisingly, a big part of cyber crimes nowadays occur not because of cybercriminals’ hacking skills, but because of the human factor[2]. In the majority of cases, cybercriminals use social engineering[3] to obtain sensitive information from unsuspecting victims or make them provide access to a particular computer system. Humans are prone to trust each other; they have feelings such as fear, curiosity, and sympathy, and also a desire for free stuff. That is why scammers use social skills to achieve their evil goals.

Today, we want to highlight a few social engineering scam types that dominate in 2017. Being aware of them can prevent problems such as data theft, money loss, or privacy violation.

The first and, in our opinion, most dangerous threat that users can be confronted with is ransomware[4], for example, Cerber or Spora. To put it briefly, it is a virus that either blocks access to your PC or encrypts files and makes them inaccessible. Then the virus’s authors demand that the victim pay a ransom to fix the computer. Such viruses are mostly distributed via phishing emails, which deliver messages such as these: “We have temporarily blocked your account. Please find full details in the document attached to this message;” “My name is X, attached is my resume,” “We detected pirated content on your computer. Pay the fine to avoid prosecution of criminal offences. Please see the attached document for details.” Sometimes, such files are not documents at all, and even if they are, they contain malicious scripts that get activated as soon as the victim enables macros[5]. Consequently, the malicious script downloads malware onto the computer.

Another successful social engineering scam usually tricks users into installing various Facebook viruses or even providing Facebook login details, which results in an account hack. Imagine that you see a compromising link that your friend shared on his timeline, which says, “My Private Video.” Would you click on it? Most people do, and this move easily allows malware to reach their computers.

A very popular social engineering technique is used by tech support scammers – a fraudster calls the victim, pretends to be a “Microsoft technician,” and asks the victim to buy useless security software or provide remote access to the system. Consequently, the scammer installs spyware or malware on the system.

To sum up, it must be said that criminals find various ways to intimidate, intrigue, or shock the victim to extract the necessary information or force him/her to do something they want. To avoid being a victim of social engineering, one needs to be suspicious of email messages, unsolicited phone calls, or visits from strangers. One should not provide sensitive information to someone asking for it via e-mail or phone. When in doubt about the sender’s intentions, directly contact the company he/she claims to be from. We also suggest that users stay away from pirated software (criminals know that users want free stuff, so they tend to bundle malware with such programs), do not send private information over the web before confirming that the website that asks for it is secure, and never open attachments or links added to suspicious emails. Finally, remember the rules “If it looks too good to be true, it is,” “Don’t believe everything you read on the Internet” and rely on common sense before interacting with strangers.

About the author
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.
