Monday, March 20, 2023
  • Advertise With Us
  • Write For Us
  • Contact Us
  • About Us
  • Editorial Calendar
Download Latest Issue - Free!
The Cyber Express
Ransomware Report
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    Microsoft Outlook Vulnerability

    Microsoft Outlook Zero Day Vulnerability Actively Exploited

    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    Gamekaking Data Breach

    Gamekaking Data Breach? Leakbase Claims to Upload 19 Million Rows of Stolen Information

    Medusa Ransomware Group

    Medusa Ransomware Group Targets National Institute of Ocean Technology

    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Clop Ransomware Group Adds Hitachi Energy

    Hitachi Energy Confirms Security Incident After Clop Ransomware Adds it to Victim List

    Onex Data Exposed

    Onex Data Exposed, Linked to GoAnywhere MFT Security Incident

    Euler Finance Cyber Attack

    Euler Finance Cyber Attack Hackers Returns $165k to Victim

    Independent Living Systems Data Breach

    Independent Living Systems Data Breach Puts 4.2 Million Individuals at Risk

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Insider threat mitigation

    Behavioral Psychology, a Boon for Insider Risk Mitigation

    Safer Internet

    International Safer Internet Day: How Safe Are Our Teenagers Online?

    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    GISEC Global 2023

    GISEC Global 2023: Knowledge Sharing, Collaboration Vital to Fend off Cyberattacks, say Experts

    Call & Contact Center Expo 2023 Las Vegas

    Call & Contact Center Expo 2023 Las Vegas

    Former BookMyShow CTO Mahesh Vandi Chalil

    Cyble Appoints Former BookMyShow CTO Mahesh Vandi Chalil as Chief Product and Technology Officer

    GISEC 2023

    GISEC 2023: Microsoft Highlights Zero Trust Approach and Mixed Reality Policing Tools

    GISEC Global 2023

    GISEC Global 2023: ‘Take the Fight to Cyber Attackers’ Urges UAE Cybersecurity Council Paper

    Cyble in Forbes List

    Cyble Recognized by Forbes as One of America’s Best Startup Employers 2023

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Cyble Among Top 50 Emerging Companies

    Cyble Among Top 50 Emerging Companies Across Governance Risk & Compliance Solutions Sector

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    •  Cyber Security Webinar
    • World CyberCon Middle East 2023
    • Endorsed Events
No Result
View All Result
The Cyber Express
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    Microsoft Outlook Vulnerability

    Microsoft Outlook Zero Day Vulnerability Actively Exploited

    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    Gamekaking Data Breach

    Gamekaking Data Breach? Leakbase Claims to Upload 19 Million Rows of Stolen Information

    Medusa Ransomware Group

    Medusa Ransomware Group Targets National Institute of Ocean Technology

    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Clop Ransomware Group Adds Hitachi Energy

    Hitachi Energy Confirms Security Incident After Clop Ransomware Adds it to Victim List

    Onex Data Exposed

    Onex Data Exposed, Linked to GoAnywhere MFT Security Incident

    Euler Finance Cyber Attack

    Euler Finance Cyber Attack Hackers Returns $165k to Victim

    Independent Living Systems Data Breach

    Independent Living Systems Data Breach Puts 4.2 Million Individuals at Risk

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Insider threat mitigation

    Behavioral Psychology, a Boon for Insider Risk Mitigation

    Safer Internet

    International Safer Internet Day: How Safe Are Our Teenagers Online?

    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    GISEC Global 2023

    GISEC Global 2023: Knowledge Sharing, Collaboration Vital to Fend off Cyberattacks, say Experts

    Call & Contact Center Expo 2023 Las Vegas

    Call & Contact Center Expo 2023 Las Vegas

    Former BookMyShow CTO Mahesh Vandi Chalil

    Cyble Appoints Former BookMyShow CTO Mahesh Vandi Chalil as Chief Product and Technology Officer

    GISEC 2023

    GISEC 2023: Microsoft Highlights Zero Trust Approach and Mixed Reality Policing Tools

    GISEC Global 2023

    GISEC Global 2023: ‘Take the Fight to Cyber Attackers’ Urges UAE Cybersecurity Council Paper

    Cyble in Forbes List

    Cyble Recognized by Forbes as One of America’s Best Startup Employers 2023

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Cyble Among Top 50 Emerging Companies

    Cyble Among Top 50 Emerging Companies Across Governance Risk & Compliance Solutions Sector

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    •  Cyber Security Webinar
    • World CyberCon Middle East 2023
    • Endorsed Events
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Workforce Learning & Development

How to Avoid Social Engineering Attacks

Vishwa Pandagle by Vishwa Pandagle
October 30, 2022 - Updated on October 31, 2022
in Learning & Development, Features, Main Story
0
Social engineering
592
SHARES
3.3k
VIEWS
Share on LinkedInShare on Twitter
Listen to this story

Social engineering is a form of attack that manipulates a vulnerability in an individual in such a way that they ignore their security by clicking, opening, downloading, or installing files sent by a cybercriminal. All this while not knowing that a scammer is trying to gain access. The success of social engineering relies on errors an individual makes by unknowingly giving access to their system or device. After gaining access, scammers can launch malware attacks, hold back user data using ransomware, and delete, edit, or sell the data on the dark web. 

Online crimes are often targeted at specific individuals or companies with the intent to scam, spy or steal information or money. To do so, cybercriminals attempt to gain the trust of the person they plan to trick. Often, trust is built by pretending to be an authentic brand by using the company’s official logo and name, creating fake websites or apps, etc. Sometimes individuals are also lured with exciting offers of a free prize or a gift like the latest Apple iPhone. 

You might also like

Unconscious Bias & Social Barriers Negatively Impact Neurodiverse Workforce in Cybersecurity

Online Platforms to Learn Cybersecurity in 2023 | Free and Paid

Women in Cybersecurity: 6 Lessons Learned From Running My Own Business

How social engineering attacks are launched?

In a social engineering attack, a cyber-attacker often tries to predict the psychological behavior of the target. For instance, while surfing online, an individual may get tempted by websites offering gifts on spinning a wheel of fortune. A user is lured into clicking it, thereby starting an online attack. While the user may not see any difference on their computer screens, the malware payloads may already have begun accessing their data and bank credentials, if available. They can also extend their attack to others connected to that device or account. 

Some lures are created after studying the target by spying on their online activities that can be traced on their social media accounts like Snapchat, Twitter, or Facebook. Looking at what they are most likely to get enticed by, a link or message may be created.  

What a target may not know about malicious communications?

  1. The user may not know that the URL of the phishing link is not that of the official website it claims to be. 
  2. They may not realize that actual zoom developers did not make the Zoom app that came on top of the play store . 
  3. Users may not feel suspicious about the picture they can see, which may be laced with malware using a technique such as steganography. 
  4. Hackers cannot authenticate a login request of a hacked account that has two-factor authentication enabled on it after gaining access to someone’s login details. Hence, after a hacker tries to login in, the user gets notifications to approve the login attempt. They may not realize that the notifications they are getting asked for being authenticated for entry into their email, school, or office account are not initiated by them if they are busy or feel that it’s due to a system error.   

Ways to keep social-engineering attacks away 

Before interacting with a cybercriminal 

To avoid falling prey to social engineering attacks, users must not respond to communications from unknown links, SMSes, emails, pop-ups, etc. This can eliminate the danger of being exposed to online threats.  

Arvind Paranjpye, the director of Nehru Planetarium, a centre for scientific study in Mumbai, spoke to The Cyber Express about the magnitude of cyber-attacks that can allow a hacker to gain access to someone’s camera without them knowing. He emphasized the importance of limiting internet usage and said, “A person can be traced from any part of the world. So, it is important not to open files sent by unknown contacts or ones that you are not sure about while also limiting their phone usage.”  

It is essential to look at one’s own online activity in terms of personal security. It has become a habit to surf online the first thing when one gets up, followed by doing that for most parts of the day, ending up going online as the last thing one does before going to sleep. When all the messages are taken care of, and school, work, or other online commitments are done with, it might be a good idea to leave the phone, tablet, or other online devices aside. Excessive phone usage also brings excessive exposure to content that one has not planned or intended to go through. 

What one can do after interacting or using the communications sent by a cybercriminal?

Not downloading unauthentic apps, and free, illegal versions of games that are actually paid, can be one way to keep malicious payloads away that may be left online by hackers to lure potential users. Not opening links offering illegal game hacks or fake job PDFs coming from unknown agencies or individuals, etc. contained in a communication is important to avoid cyber threats. In case of receiving suspicious emails say job emails, doing a background check by looking for work, credentials, and educational background can also help in finding out if they are actually someone with a legitimate account. However, if one realizes after downloading a malicious file or clicking on an unknown link that it does not seem legitimate or is not coming from an official source, one can do the following: 

  1. Take screenshots of the communications with the URL, links, email address, etc. to submit as proof while making a complaint to the local cyber crime cell. The cyber crime cell can be looked up by typing “cybercrime cell” followed by the country or city for specific information. Specific cybercrime cells catering to specific towns can also be found by placing the name of the town or region on Google or another search engine. 
  2. Uninstall the downloaded app or file. 
  3. Delete the messages sent by the cyber-attacker. 
  4. Scan the device for a virus or signs of attacks by running the inbuilt antivirus app. If there is no antivirus tool, getting one is critical for the health of one’s device and data. 
  5. Disconnect the internet to reduce the damage as the hacker who might have gained remote access to one’s device may not find the connectivity to continue the entire attack. 
  6. Create a backup of important files. It will help if one is required to do a factory reset to delete all the data on the device. 
  7. Log out of all the accounts. 
  8. Change all the accounts’ credentials including passwords. Create different passwords in all or most of the accounts one has.
  9. Let the bank know what happened and ask them to block the cards. Ask them for any other helpful steps. This will help if bank details were available on the impacted device. Keep an eye on suspicious activities.

Best practices 

David Spinks, Chairman and moderator of Global Digital Identity (GDI) in the United Kingdom told The Cyber Express that to maintain online safety from cyber-attacks “Ensure your software is always up to date and that you apply all the necessary security patches.”  

Companies have teams that look for vulnerabilities in software and services that hackers use to enter a device. Keeping an eye out for software updates is a must not just to have all the latest features installed but also to apply the patches that were made available for the found vulnerabilities. Leaving the device outdated makes them vulnerable to cyber-attacks. 

Monitoring login activities on one’s device as found by going through the privacy settings can help keep track of who else is logged into one’s account after gaining unauthorized access. One can then log out from unknown devices.

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: Phishing Attackssocial engineered attackssocial engineeringThe Cyber ExpressThe Cyber Express News
Previous Post

Cybercriminals Use Misspelled Versions of Apps to Spread ERMAC Trojan

Next Post

Guide to The Best Cybersecurity Certifications To Boost Your Career

Vishwa Pandagle

Vishwa Pandagle

Vishwa Pandagle is a Technical Writer at The Cyber Express. She writes cybersecurity news related to data breaches, ransomware, phishing, and best practices among others. She also writes about cybersecurity developments and likes interacting with experts in this field. When not working, she likes self-reflecting, meditating, volunteering, and going for long walks.

Related Posts

Neurodiverse Workforce
Features

Unconscious Bias & Social Barriers Negatively Impact Neurodiverse Workforce in Cybersecurity

by Editorial
March 12, 2023
Online Platforms to Learn Cybersecurity in 2023 Free and Paid
Firewall Daily

Online Platforms to Learn Cybersecurity in 2023 | Free and Paid

by Vishwa Pandagle
March 11, 2023
Women in Cybersecurity
Features

Women in Cybersecurity: 6 Lessons Learned From Running My Own Business

by Editorial
March 8, 2023
Women in Cybersecurity
Firewall Daily

Top Resources to Start a Career for Women in Cybersecurity

by Vishwa Pandagle
March 8, 2023
Gender Gap in The Cybersecurity
Features

Four Ways Women Can Close The Gender Gap in The Cybersecurity Industry

by Editorial
March 8, 2023
Next Post
Cybersecurity Certifications

Guide to The Best Cybersecurity Certifications To Boost Your Career

Latest Issue is Out. Subscribe Now

Women in Cybersecurity

Download Now

CRIL


Follow Us On Google News

Never miss an update. Subscribe!

* indicates required

Top 10 Cybersecurity Jobs

Categories

About The Cyber Express

The Cyber Express

Cyber Security News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

Follow The Cyber Express

Contact

For editorial queries: [email protected]

For marketing, PR & media partnerships: [email protected]

For media kit and digitals sales: [email protected]

For Sponsorship/Event Partnership: [email protected]

For Conferences related information: [email protected]

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

Tel: (678) 578-8838

Events: +1 (678) 578-4140

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

Tel: (678) 578-8838

Events: +1 (678) 578-4140

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Firewall Daily
  • Business News
  • Cyber Essentials
  • Features
  • Cyber Security Magazine
  • Events
    • World CyberCon Middle East 2023
    •  Cyber Security Webinar

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.