Beware of Social Engineering Attacks

We admit the real fact today, most of us people depend our lives on social media like Facebook, Instagram, Twitter, and Tumblr among others.

As we hook ourselves on social media sites, most of us unconsciously or deliberately forget to protect our privacy and we post all details of our personal information and daily routine of our lives.

Mostly people are using social media as their diary, posting their every minute day-to-day life from waking up in the morning until bedtime in the evening.

Social media is very useful to get information for personal gains, sharing and getting news updates but very risky when it comes to giving out your personal information especially when engaging with on-line sellers and always make sure you only deal with legits and not scammers.

We cannot really stop scammers use the social media like facebook, twitter, instagram, and others but I think the best way is we have to control (stop) ourselves sharing our personal information such as location, bank/credit card accounts, passwords, etc.

Not to mention those deliberate attacks to sneak in to your private life and steal your personal media files and ruin your lives by spreading some ‘scandalous videos and photos’.

I think the best way to prevent social media attacks is to know what these attacks are:

Phishing – this is the most common social media attacks using emails, social media at instant messaging and SMS to trick victims to provide sensitive information or visiting malicious URL.

Watering Hole – this type of attack consists of injecting malicious codes into the public web pages of a site that the targets used to visit. The method of injection is commonly used by cyber criminals and hackers. Once a victim visits the page on the compromised website a backdoor trojan is installed on his computer. This method is used for cybere espionage operation or state-sponsored attacks.

Whaling Attack – this is an evolution method of phishing attacks using sophisticated social engineering techniques to steal confidential information, personal data, access credentials. 

Pretexting – the term itself indicates the practice of presenting oneself as someone else to obtain private information by creating fake identity and use it to manipulate the receipt of information.

More information on social engineering attacks: https://resources.infosecinstitute.com/common-social-engineering-attacks/#gref