How to protect yourself from social engineering attacks

So, you have strong, unique passwords, have set up multi-factor authentication on all your accounts and use a VPN to encrypt your traffic when you’re online. Surely your device is safe from hackers now, right?

As safe as your device might be in theory, you’re forgetting that cybercriminals don’t have to target it directly to get to your personal data: they can try to hack you instead.

What is social engineering?

Social Engineering is the name for a range of techniques designed to manipulate you psychologically into handing over sensitive information like passwords, answers to security questions and bank authentication codes.

Since social engineering involves manipulating people, not devices, into handing over private data, you need to be prepared to prevent this kind of attack. In this guide, we’ll explore some common social engineering scenarios, as well as how to stop yourself from being taken advantage of.

Types of Social Engineering Attacks

Social Engineering takes many forms. Technically, if a colleague or friend persuades you to write down your password on a Post-it, they’ve carried out a social engineering attack. Still, the most common types of attack are:

Mugged in London

This type of social engineering attack is a variation of a very old scam called ‘The Spanish Prisoner’. Usually, it’s combined with active hacking where cybercriminals get hold of your contacts through social media and/or e-mail, then message them pretending to be you. They explain they’ve been mugged or injured and need some money. Scammers sometimes try to entice victims by promising to pay them back with interest or a cash bonus. 

Scareware

This is a type of malware which uses social engineering to try to trick people into buying unnecessary software.

It usually works by a series of false alarms like pop-ups, telling you that your device has been infected with a virus or spyware. You’re then informed that you can solve this problem by buying and installing a supposed ‘firewall’, ‘antivirus’ or ‘registry cleaner’ program.

This bogus software isn’t always harmful but you’ll still be out of pocket. Some scareware can also lead to users accidentally installing dangerous malware.

Smishing

Smishing is a form of social engineering attack that takes place via text message (SMS) and other text messaging platforms.

Usually, cybercriminals will impersonate someone official like an IT Helpdesk technician from the company you work for and ask for login information.

Smishing can be very dangerous, as two-factor authentication relies on you receiving a unique code when you log in from a new location. If a hacker who already has your password can trick you into handing this code over, they can access your account.

Phishing

Phishing usually works by a hacker creating a plausible-looking e-mail to direct you to a fake version of a legitimate website.

A common type of phishing email is one supposedly from your bank asking you to ‘confirm your login information’. If you click on the link in the (fake) e-mail, you’ll be redirected to a copy of the website which can then record your login details. 

Romance Scams

This is a very prevalent form of social engineering, with reported losses of over $1 billion to scammers in the past two years alone. 

Cybercriminals usually commit romance scams by creating fake profiles on social media and/or dating websites using fake photos and information. They gain the trust and affection of victims and then trick them into sending them money, sometimes over a number of years.

Baiting

As the name suggests, this social engineering attack is designed to lure you into inserting a USB stick, installing a particular program or clicking a particular link. 

Social Engineers make false promises to trick you into doing this. They might say the software will give you a free Netflix subscription for life or that the USB drive contains all the episodes of a popular TV series like ‘Breaking Bad’.

Most likely the program or USB stick will actually contain malware, which could compromise your system. 

How to stay safe 

Given there are so many types of social engineering, there’s no one step you can take to prevent every type of attack. However, there are some useful steps you can take to stay safe, including:

Verify the sender

Social Engineering often relies on tricking you into believing that you’re speaking to someone trustworthy like Tech Support or even a member of your own family.

Financial institutions like your bank will never call or e-mail to ask for your login credentials, for instance, so if someone asks you to do this you know they’re trying to carry out a social engineering attack. 

Unfortunately, hackers are getting wise to this and use Caller ID spoofing to make it appear as if they’re telephoning you from a legitimate number.

If you receive a suspicious telephone call, hang up and call the verified number on your card. Likewise, if you receive an e-mail or SMS from someone asking for money, try to call them (a video call is best) to discuss how you can help.

Think before you click

Both smishing and phishing often rely on sending you links to malicious websites. All modern web browsers and e-mail software will allow you to view a preview of a link before you click, simply by hovering your mouse over it.

For example, this link appears to point to Microsoft’s website. However, if you hover your mouse over it, you’ll see it takes you to Apple’s instead:

http://www.microsoft.com 
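The same check can be automated for an HTML message body. The following is an added example, not part of the original article: it flags links whose visible text is written as a web address but whose real destination is a different host. The function name `mismatched_links` and the sample message are constructed for illustration, and the subdomain comparison is a simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself written as a web address, e.g. "http://www.microsoft.com"
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#].*)?$", re.I)

def _norm(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def _href_host(href):
    try:
        return _norm(urlsplit(href).hostname)
    except ValueError:  # malformed href: treat as having no host
        return ""

class _LinkAuditor(HTMLParser):
    """Collects (visible text, href) pairs whose hosts disagree."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        match = URL_LIKE.match(shown)
        if match:
            shown_host, real_host = _norm(match.group(1)), _href_host(self.href)
            # Accept the same host, or a subdomain of the host shown in the text
            if real_host != shown_host and not real_host.endswith("." + shown_host):
                self.findings.append((shown, self.href))
        self.href = None

def mismatched_links(html):
    auditor = _LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample message body (not from the article)
SAMPLE = """<p>Sign in at <a href="https://www.apple.com/">http://www.microsoft.com</a>,
read the <a href="https://www.microsoft.com/help">help page</a>, or visit
<a href="https://support.microsoft.com/">www.microsoft.com</a>.</p>"""
```

Only the first link in the sample is reported; links whose text is not a web address, such as "help page", still need the manual hover check.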

Use an Adblocker

Popular adblockers like AdBlock Plus and uBlock Origin are available as an installable ‘extension’ or ‘plugin’ for all major browsers.

Their main function is to declutter web pages by stripping out annoying ads. Still, they’re also useful for preventing social engineering attacks, as they maintain lists of known phishing websites as well as those that contain malware. This means if you’re sent a harmful link via social engineering the adblocker most probably will prevent the site from loading.

Use a VPN

Using a VPN service, even a reliable one like hide.me, can’t in itself prevent users from being fooled into handing over their data.

Still, a VPN works by establishing a secure, encrypted connection to a specialist server. This means if you are tricked into visiting a fake website, your location and IP address will appear to match that of the VPN server, not your device. This makes you much harder to target by hackers.

If your device is compromised by malware which redirects you to spoofed ‘phishing’ websites by tampering with your DNS settings, using a VPN service can also provide some protection, as all ‘DNS requests’ are forwarded through the VPN servers themselves.

