Some types of cyber attacks don't occur from viruses, or malware. The concept of social engineering is not new, but has been seeing more use over the years. Social engineering is the practice of socially manipulating users to extract data from them.
The website social-engineering.org tracks various data regarding social engineering style attacks, and found that many surprising results.
They found that:
- 90% of people when called will provide not only their full name and spelling of their name, but also their email address's without even requesting the callers name.
- 67% of the people they asked gave out their social security number, birth dates, or employee ID's.
Another form of Social Engineering which involves spoofing a phone number to appear to be someone that they are not is called Vishing. One person fell victim to a vishing style attack when they thought their bank's fraud department was contacting them to identify some fraudulent charges. The victim had received a text previously which they then asked him to read back to them.
Only a few hours later did this person realize they were indeed speaking to the fraudster, and not their banks fraud department.
The lesson to be taken from these types of Social Engineering style attacks is to remember to never give any kind of confidential data to someone who contacts you. If you receive a call from a number that looks like your bank or financial institution requesting personal information, try calling back on the number on the back of your card.
The main take away is to be careful whenever giving information out over the phone or to anyone you don't formally know. Scams and information security doesn't only take place in the confines of a computer or network.
