UNDERSTANDING SOCIAL ENGINEERING:
John Eberechukwunemerem, BSc.
IT Security Manager, || Oracle Cloud Certified || Cybersecurity Analyst, || Cloud Admin, || InfoSec Researcher, || Cybersecurity Consultant,||
Social engineering is on the rise in Nigeria, with the nation's growing presence in the digital economy adding a layer of vulnerability to the Nigerian cyberspace. Unfortunately, government efforts to raise awareness on social engineering; an essential foundation for cybersecurity awareness, have been minimal. In response, many Nigerians have taken it upon themselves to understand cybersecurity and learn to protect themselves.
Over the past year, a concerning increase in social engineering attacks has affected numerous Okpuala indigenes, both home and abroad, resulting in their phones been hacked. This trend suggests that many individuals lack a sufficient understanding of social engineering and general cybersecurity practices. It is crucial to educate our community on the tactics of malicious actors, especially social engineering, to help prevent and reduce the growing threat of cyber incidents to Okpuala indigenes.
Social engineering attacks exploit trust and manipulate victims into unknowingly granting access to sensitive information. Unlike professional hackers, social engineers are often regular individuals with malicious intent who manipulate victims into sharing information by leveraging their trust and vulnerability. In their deception, these attackers gain consent to access the victim's system.
What is Social Engineering?
According to the Oxford Dictionary, social engineering is "the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes." It often involves psychological tactics to manipulate victims into making security errors or revealing sensitive data.
How Social Engineering Works
Social engineers typically investigate their victims to gather background information that helps identify points of entry and security weaknesses. They may impersonate someone familiar to the victim or pose as a trusted authority, prompting the victim to lower their guard and engage in actions that break typical security protocols.
Preventing Social Engineering Attacks
Here are key measures to protect yourself from social engineering:
1. Exercise Caution with Attachments
Avoid opening email attachments from unknown sources. Even if an email appears to come from someone you know, verify its authenticity before opening any attachments.
2. Enable Multi-Factor Authentication (MFA)
MFA adds an extra layer of protection by requiring an additional verification step beyond the usual login. This ensures that even if credentials are compromised, unauthorized access is more difficult.
3. Be Skeptical of Tempting Offers
If an offer seems too good to be true, it likely is. Research suspicious offers online to verify their legitimacy.
4. Manage Your Social Media Presence
Social engineers may use personal information available online to craft targeted attacks. Limit public information and avoid sharing sensitive details.
5. Update Antivirus Software Regularly
Ensure your antivirus software is up-to-date and conduct regular system scans to identify and remove potential threats.
6. Back Up Data Regularly
Protect yourself from data loss by backing up important files on external storage or cloud platforms.
7. Avoid Using Unknown USB Devices
Refrain from plugging unknown USB devices into your computer, as they may contain malware.
8. Disable Autorun for External Drives
Autorun can allow external devices to install malicious programs automatically. Disabling this feature reduces risk.
9. Shred Sensitive Documents
Regularly shred documents containing sensitive information to prevent unauthorized access to personal data.
Here are some reliable websites where you can learn about cybersecurity awareness and skills:
1. Cybersecurity & Infrastructure Security Agency (CISA) – Cyber Essentials
The U.S. Department of Homeland Security’s CISA offers Cyber Essentials, which is a guide to cybersecurity awareness and best practices for individuals, small businesses, and enterprises.
2. StaySafeOnline (National Cybersecurity Alliance)
StaySafeOnline provides a variety of resources on cybersecurity basics, online privacy, and tips for safe internet usage tailored to different audiences, including individuals, small businesses, and educators.
领英推荐
3. Cyber Aware (UK Government)
The UK government’s Cyber Aware site offers simple, actionable steps to help individuals and businesses protect themselves from cyber threats. It also provides guidance on recognizing and preventing phishing attacks.
4. SANS Security Awareness
SANS offers high-quality, in-depth cybersecurity courses and resources on topics like social engineering, phishing, and secure password practices.
5. Federal Trade Commission (FTC) – Cybersecurity for Small Business
The FTC provides resources for small businesses, focusing on cybersecurity practices, breach responses, and data protection strategies that are also useful for individuals.
6. Cybersecurity and Infrastructure Security Agency (CISA) – Phishing & Social Engineering
CISA’s website also has sections dedicated to specific threats like phishing and social engineering, with practical tips to recognize and avoid these scams.
7. Cybercrime Support Network (FightCybercrime.org)
This nonprofit organization offers information on how to recognize, avoid, and respond to cyber threats, including tips on identity theft, fraud, and secure online practices.
8. Udacity and Coursera
Both platforms offer beginner-friendly cybersecurity awareness courses, many of which are free to audit. These courses cover topics such as basic cybersecurity principles, social engineering, and online safety.
9. Open Security Training
Open Security Training provides free courses on various cybersecurity topics, including an introduction to cybersecurity fundamentals, which covers awareness and practical security skills.
10. Cybersecurity Ventures
This site publishes free cybersecurity reports and whitepapers, helping individuals stay updated on the latest cybersecurity trends, threats, and best practices.
These resources provide foundational cybersecurity knowledge, covering topics like online safety, phishing, secure password practices, and practical steps for avoiding cyber threats.
If Your WhatsApp Is Hacked:
If you suspect unauthorized access to your WhatsApp account, follow these steps to regain control:
1. Log Out of WhatsApp Web:
Go to WhatsApp > Tap the three vertical dots > WhatsApp Web > Log out of all devices.
2. Log Back In Using Your Phone:
Log out of your WhatsApp account on all devices and sign in again with your phone number. A six-digit code will be sent via SMS. Enter the code to log back into your account, which will log out any unauthorized users.
3. Dealing with Two-Step Verification Issues:
If you’re prompted for a two-step verification code you didn't set up, wait seven days to regain access. The unauthorized user will be locked out once you log in with the SMS code.
Taking proactive steps to understand and prevent social engineering can help safeguard your personal information and protect against potential cyber threats. Authored by @Eberechi