Everyone knows that computers can be hacked, however, are humans hackable? It turns out, they are. We, as human beings, tend to help others in case they ask for it. We also tend to trust people, and hackers know that. Human hacking, also known as social engineering, takes the first place in the list of the most popular hacking methods. Yes, cybercriminals nowadays do not need to have super computing or programming skills to hack your PC. It is way harder to defeat senseless robots and sophisticated algorithms than to deceive a human being, who has feelings such as curiosity, anger, or fear. Therefore, criminals use psychological manipulation to force people to do something without thinking, bypassing their common and self-preservation senses. Let us provide you with a simple example that pictures one of the most popular ways to spread Cerber ransomware (and also other ransomware viruses). Let’s say you get an email from someone you don’t know – the email contains a .zip attachment and a short message: “your order should be delivered today. Attachment password is 6666.” Despite the fact that you didn’t order anything, would you open the attached file? Sadly, statistics show that people do. The .zip archive contains malware, which encrypts all files and provides a message asking to pay a ransom to cyber criminals. Sadly, it is a very rough example – cyber criminals manage to compose much more convincing messages. Today, we would like to explain how you can recognize social engineering attacks and protect yourself from extortionists, data thefts, and other social engineers.
1. Think twice before responding to “Do something right now!” requests.
It doesn’t matter if you received an ad that asks you to download something to your PC, or if you came across a website that shows pop-ups saying that you must call technical support for help because your computer was infected/hacked/etc., or if you received an email that asks to view attached files urgently, do not rush to respond to such requests. Give yourself a couple of minutes and evaluate whether the request comes from a legitimate source. Do not let pressuring tactics to trick you to do something out of your interest!
2. Do not fall for social engineering attacks on social media sites
Websites like Facebook are part of our lifestyles, and almost everyone has an account nowadays. It has become a perfect platform for cyber criminals to reach people, dig for information about them, and manipulate their feelings. If you receive a message from a person you know, let’s say, your boyfriend or secret crush, which says “My Private Video,” or “This video belong to you? That’s funny,” you might be tempted to check out what your friend sent to you. However, these messages deliver the Facebook virus, which typically infects victim’s computer as soon as one clicks on the link included in the message or infects the system as soon as the victim installs a suggested browser extension (which ostensibly is required in order to view the video).
3. Remember that Tech Support Scammers use social engineering, too
Tech Support Scammers use various tactics to frighten people and make them give up private information. Some scammers call users via phone, and some of them create phishing websites and related malware that makes victims visit these websites. The aim of tech support scammers is to convince the victim that something bad is about to happen – the victim needs to act urgently and listen to so-called technician’s commands to “save” the computer. This social engineering attack type manipulates fear and sense of urgency to trick victims into providing credit card details or remote access to the computer.
4. Do not be fooled by frauds who claim you did something illegal
Imagine opening your computer and encountering a message: “Penalty notice. We hereby inform you that on your PC found: 1. Child sexual abuse materials 2. Materials that violate the intellectual property rights.” The message says that all activity on your computer is being recorded and that you have to pay a fine of $100 if you do not want to be prosecuted. Doesn’t that sound suspicious? Typically, such ransomware viruses are screenlockers, which means they can be removed easily. Sadly, many computer users, even if they know they have never made such violations, act without thinking and just pay the ransom thinking that it will help to protect their self-image.