Understanding internet fraud III: social engineering
20 September 2012
Internet criminals try to trick us in all manner of different ways with a view to accessing private information, infecting our computer with some kind of virus, stealing bank details or stealing our identity on the internet.
Do you know the main strategy of deception used by internet criminals?
Social engineering involves engaging our attention and convincing us to forward an e-mail to everyone in our address book, to download and open a file attached to an e-mail, or to provide sensitive information such as our passwords to certain services or our bank details.
To capture our attention, they exploit our curiosity and fascination with the lives of celebrities, humanitarian disasters, current affairs... They also use alarming security messages allegedly sent by an internet service provider or bank.
Key ideas we must remember about social engineering:
- They will use any trick in the book to capture our attention and convince us to act in a certain way.
- They will make the most of any reference to current affairs or topical issues.
- They take advantage of our fear of certain situations/events: receiving a fine, hearing from the Tax Authorities, Police reports, etc.
- Most attempts at fraud and computer viruses use social engineering.
Where and how do they appear?
- Applications, messages, dubious webpages and fake pages on social networks.
- E-mails purporting to come from a service, which contain attachments infected with a virus, provide links to malicious webpages or include forms to be completed with private information.
- Fake advertising "posted" in services, on webpages and in e-mails.
- Viruses that send messages to the user posing as a bank, company, institution, service, etc.
As you can see, anything can be used to trick us on the internet. For that reason, we have to use a great deal of common sense and not believe everything we see on a website, on a social network, in an e-mail, etc. If you are in doubt about the credibility or authenticity of something, you should always check directly with the service involved, via trusted sources or on the OSI webpage.