Social Engineering and How to Protect Against It

Understand the different types of social engineering attacks and how to protect against them.

Advances in technology have made it easier to do everything from connecting with customers to transferring large sums of money. Although technology has many benefits, it also gives criminals more opportunities to identify potential victims. Many cybercriminals are now using social engineering to convince targets to part with sensitive data, increasing the risk of identity theft and other crimes. Read on to learn more about social engineering and find out how to protect your next crypto project.

What Is Social Engineering?

Social engineering is an attempt to manipulate someone into giving away sensitive information. Instead of hacking into computers, a malicious individual relies on social engineering to trick people into revealing passwords, banking logins, Social Security numbers, and other types of private data. In a business setting, social engineering may cause a company's employees to give out confidential information about employees, vendors, and investors.

Common Types of Social Engineering Attacks

Social engineering takes many forms, all of which cause victims to share sensitive data with cybercriminals. These are some of the most common types of attacks.

Whaling

In a whaling attack, cybercriminals target senior executives of an organization, such as the Chief Executive Officer (CEO) or the Chief Financial Officer (CFO). These individuals typically have access to highly valuable data, such as credit card numbers, business and strategic plans, and other sensitive information about their organization. To manipulate high-ranking individuals, attackers usually spoof email addresses to make it appear as if they work for the same business or government agency.

Phishing

Phishing uses several tactics to trick people into revealing their personal information. In a spear phishing attack, the attacker targets a specific individual or organization and may craft a convincing email or message to increase the likelihood that the target falls for it. Angler phishing involves spoofing a company's social media accounts to trick customers into sharing sensitive information. For example, an attacker could set up a fake account in the name of a well-known company and then use that account to solicit credit card numbers.

Honey Traps

A honey trap is an online romance scam in which the attacker pretends to be interested in having a romantic relationship with the victim. Once the victim feels comfortable, the attacker persuades them to reveal confidential information, such as their Social Security number or their online banking login.

Baiting

Baiting plays on a person's desire to get a good deal. Rather than pretending to be in love with the victim or targeting high-ranking individuals in an organization, attackers bait people into sharing sensitive information by offering them a freebie. When someone clicks the link to the freebie, they're taken to a spoofed page that prompts them to enter their account information or share other sensitive data.

Scareware

Scareware causes scary-looking pop-ups to appear while someone is browsing the internet. These windows usually tell users their computers have been compromised in some way. For example, it's common to have a piece of scareware say a computer has been infected with a virus. The goal is to get the user to download a system cleaner or security program. Unfortunately, attackers use this as an opportunity to commit identity theft or install malicious software.

Pretexting

Pretexting is when an attacker pretends to work for a government agency or private company. They make up details about their role with the organization to trick people into sharing sensitive information. For example, an attacker may pose as an employee of a state tax agency to convince targets to reveal their Social Security numbers.

Examples of Social Engineering Attacks

Many businesses and government agencies have been targeted by cybercriminals using social engineering to steal private data. These are just a few high-profile examples of attacks involving business email compromise, which is the use of hacked or spoofed email accounts to trick employees into sharing data.

City of Saskatoon

In 2019, the City of Saskatoon lost more than $1 million after an attacker pretended to be the chief financial officer of an engineering firm. Since the engineering firm already had a relationship with the city, employees weren't suspicious when the fraudster asked them to send a payment to a different bank account than usual.

Xoom Corporation

Xoom Corporation was the victim of a huge social engineering attack in 2014, when it lost $30 million over a series of transactions. Attackers tricked employees by spoofing their colleagues' email addresses and requesting money transfers. Once employees made the transfers, they weren't able to get the money back.

Puerto Rican Government

The government of Puerto Rico was the target of multiple attacks in 2019 and 2020, resulting in a loss of approximately $4 million. Cybercriminals hacked into the email account of an employee at the Puerto Rico Employment Retirement System and managed to divert payments from multiple government agencies.

Protect Your Crypto Project from Social Engineering Attacks

According to CoinGecko, the cryptocurrency market was valued at more than $1.2 trillion as of 1 May 2023, making it an attractive target for attackers who use social engineering to steal sensitive information. Fortunately, there are several steps you can take to protect your crypto project against this type of attack:

  • Verify the source of all emails before transferring money, sharing account numbers, or taking any other action. Even if an email looks legit at first, a closer look may reveal that a clever hacker has managed to spoof the account of a colleague or loved one.
  • Don't make quick decisions. Many social engineering attacks are successful because they cause victims to panic and think they need to act immediately. Protect your crypto project by pausing before you fulfill any requests for money or sensitive data.
  • Use common sense. Cybercriminals often make up scenarios that don't make sense once you think about them for a few minutes. If you receive an email stating that a long-lost relative has left you millions of dollars, stop and think about whether that's a realistic scenario.
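
One way to make "verify the source" concrete for email is to check the message headers for the usual signs of a spoofed sender before acting on a payment request. The Python below is an added example, not part of the original article; the function names, the `mx.example.com` receiving-server ID and the `example.com` / `example.net` domains are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names and domains are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.com
From: "Alice CFO" <alice@example.com>
Reply-To: alice.cfo@example.net
Subject: Urgent: updated bank details for today's payment

Please send the payment to the new account today.
"""

def domain(value):
    """Return the lowercase domain of an address header, or '' if absent."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower()

def auth_results(msg, authserv_id):
    """Collect spf/dkim/dmarc results stamped by our own receiving server."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = header.split(";")
        if parts[0].split()[:1] != [authserv_id]:
            continue  # a header from any other server could be forged
        for part in parts[1:]:
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                results.setdefault(method.lower(), result.lower())
    return results

def spoofing_signals(raw, trusted_domains, authserv_id="mx.example.com"):
    """List reasons to confirm the sender out of band before acting."""
    msg = message_from_string(raw)
    signals = []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        signals.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if from_dom not in trusted_domains:
        signals.append(f"From domain {from_dom} is not a known domain")
    auth = auth_results(msg, authserv_id)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            signals.append(f"{method} result is {auth.get(method, 'missing')}")
    return signals

if __name__ == "__main__":
    for reason in spoofing_signals(SAMPLE, {"example.com"}):
        print("VERIFY FIRST:", reason)
```

An empty result does not clear the request: mail sent from a hacked account, as in the Puerto Rico case above, passes all of these checks, so changes to payment details still need confirmation through a separate channel.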

As always, you can contact us if you have any questions about how to make your crypto project secure.
