Must Read: The Rise of Social Engineering Crypto-Cyber-attacks
Kehinde LAWAL
This is a good read from the blog of one of my mentors. His name is Chimezie Chuta; he's a blockchain expert, and we first met at a Nigerian blockchain conference in 2017.
Hopefully, you will find this article interesting and educative. Start reading it below👇.
Recently, there has been a clear rise in social engineering attacks. Even yours truly has not been spared. Most of our fences have collapsed in the face of some of these attacks.
What is it?
Social engineering is the term used for a broad range of online malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes, handing over their digital assets or giving away sensitive information. It could happen on WhatsApp, Telegram, Facebook, Instagram, Twitter, Yahoo Mail, Gmail, etc.
This is how it can typically occur.
A perpetrator first investigates the intended victim to gather the background information needed to proceed with the attack, such as potential points of entry and weak security protocols. Then the attacker moves to gain the victim’s trust, often by appealing to your emotions while posing as someone you assume you know, and provides stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.
Common Social engineering attack techniques
1) Baiting –
As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.
2) Scareware –
Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit (other than for the perpetrator) or is malware itself.
3) Pretexting –
Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim so as to perform a critical task.
4) Phishing –
As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
5) Spear phishing –
This is a more targeted version of the phishing scam whereby an attacker chooses specific individuals or enterprises. They then tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous.
How to protect yourself against Social engineering attacks.
1) Don’t open emails and attachments from suspicious sources — If you don’t know the sender in question, you don’t need to answer an email. Even if you do know them and are suspicious about their message, cross-check and confirm the news from other sources, such as via telephone or directly from a service provider’s site. Remember that email addresses are spoofed all of the time; even an email purportedly coming from a trusted source may have actually been initiated by an attacker.
2) Use multi-factor authentication — User credentials are among the most valuable pieces of information attackers seek. Using multi-factor authentication helps ensure your account’s protection in the event of system compromise.
3) Be wary of tempting offers — If an offer sounds too enticing, think twice before accepting it as fact. Googling the topic can help you quickly determine whether you’re dealing with a legitimate offer or a trap.
4) Keep your antivirus/anti-malware software updated — Make sure automatic updates are engaged, or make it a habit to download the latest signatures first thing each day. Periodically check to make sure that the updates have been applied, and scan your system for possible infections.
5) For crypto-asset dealers: Trust, but Verify
Before you send out your coins, verify the identity of the person you are dealing with. Phone calls, video calls, are a must. Send fractions of the coins to the wallet provided and call again to get voice/video confirmation before proceeding to send the rest of the assets.
Enough has already been said about you not leaving your crypto-assets in any exchange no matter the promise of security!
6) Be a skeptic. ALWAYS
When it comes to online activity, bros… Be a skeptic. A real one for that matter, until you are convinced and proven otherwise!
What Musa sees at the gate is too much.
Again, be a skeptic!
Read the full article on Chimezie Chuta’s blog