Social engineering is a technique used by scammers, more technically known as cyber criminals, in which they trick individuals into divulging sensitive personal or organizational information. It takes advantage of basic human nature: with the desire to trust others, most people wouldn’t think twice about helping someone in a lot of cases. Social engineering has become the backbone of many types of phishing attacks and other cyber threats. The main focus for scammers when it comes to social engineering is to target the uneducated and most vulnerable people within the sector they operate in. This could be through acting as your bank or as a part of Amazon Customer Service. There are scammers across the world in all the different areas where your information may be stored.
Examples of Social Engineering Attacks
Phishing: The most common form of social engineering, in which hackers use deceptive emails, websites, and text messages to steal sensitive personal or organizational information from unsuspecting victims. You will see this most commonly with fake cryptocurrency wallet support accounts, which send tweets and direct messages with links to "Fill out a Form". These are FAKE!
Spear Phishing: This type of email scam follows the same premise as regular phishing attempts except it's used to carry out targeted attacks against individuals or businesses. Spear phishing is more intricate than your average mass phishing email, as it requires in-depth research on potential targets and their organizations.
Malware: A category of attacks that includes ransomware. Victims are sent an urgently worded message and tricked into installing malware on their device(s). You might find these appear in the form of pop-ups, where you are told to contact the (scammer's) support number shown in the pop-up window, which might seem impossible to close no matter how much you try.
Vishing: Vishing is similar to phishing, except that with this form of scam the scammers leave urgent messages for you to respond to. The urgency makes individuals panic, comply with the scammers, and get in contact with them. The scammers will then proceed to convince the victims that they are a part of their bank or a government agency and, in most cases, law enforcement. Once they are under this added pressure, victims will look to pay in order to remove themselves from the 0% risk the scammer said they were in.
Additional scams to be aware of: Baiting, Pretexting, Quid Pro Quo, Tailgating, and Water-Holing.
Why do Social Engineering Attacks happen?
Social Engineering attacks take place because select individuals are looking to take advantage of the human instinct to believe and trust. Scammers have designed multiple different methods of scamming, such as very well-structured emails, voicemails, or text messages that get victims to transfer money, provide confidential information, or download viruses/malware onto their devices. If you take a look at some examples of how effective and well-designed these scams can be, it really puts into perspective why some individuals might fall for such a scam. Credit to tessian.com for providing examples.
Not all Social Engineering Attacks are in real-time
While a lot of scams try to take advantage of individuals through direct contact, some scammers take a more indirect discovery option. But what does that mean exactly? Social media sites are well known to have scammers and bots looking for information that might give them access to, for example, your email account, which then opens the door to a lot more. They are not going to ask for your password directly, so they create a wide variety of engagement posts to find out key information without you thinking about it. An example of this can be found on Facebook, and the post would look something like this:
This post will generate information on your favorite dog, as such posts are designed in a way to always get your favorite breed. So with this information, if you have a password reset security question set as "favorite dog breed" or "breed of your first dog," it now gives them more information to reset your password. This has been done completely anonymously, so you have to be careful about what you are engaging with online. You should also check the type of security settings that are applied to your account and who actually has visibility of your information.
Social Engineering and Cryptocurrency
Your portfolio is your whole world in the cryptocurrency space, and this is why it is a prime target for Social Engineering Attacks. The blockchain and cryptocurrency space is still very new and in development. Because of this, the level of understanding in all areas of the space is still being built, which leads to a lot of changes that not everyone will be aware of. Scammers know that not everyone will be aware of changes and updates, or even up to date with crypto best practice, which is why they are able to target individuals and get away with millions of dollars in crypto each day. In order to combat this, we have created a top 10 list of Best Crypto Practices that, if you follow them, should significantly reduce the chances of being affected by scammers:
Do not reveal or share your Wallet keys. | It is imperative that you do not share or reveal your Seed Phrase or Private Key to anyone, no matter the reason. The Wallet Key is the direct access to your wallet, and no security measure can stop you losing your funds if someone knows it! |
Spread assets across more than one digital wallet. | Where possible, you want to have multiple wallets to split your assets up. This reduces the risk of your whole portfolio being taken if one wallet becomes compromised. |
Use cold wallets and hot wallets to increase security. | Using Cold and Hot Wallets is another way to increase portfolio security. |
Implement policies to reduce risk. | Implementing policies is important when it comes to investing in crypto. You want to follow a set plan before investing and moving money, such as making sure you've done your due diligence on your new investment. |
Entrust someone with knowledge of the wallet's existence. | While you don't want to share your Seed Phrase, you do want to tell someone you trust about your investments. Without sharing your portfolio's existence, if anything happens to you the crypto could be considered lost forever. Telling someone will only help secure your assets for the likes of your family or friends. |
Conduct your due diligence on cyber security, such as how to use a VPN. | Being up to date on the latest in Cyber Security will benefit you greatly, not just with crypto but with all things on a technological front. Using a VPN will ensure your device is secure, especially when on a public network. |
Look to use all services offered by your chosen wallet. | Your chosen wallet will have security features that you must take advantage of, such as 2 Factor Authentication or Transaction Signing. This makes sure that if you happen to leave an active connection open via your wallet, a transaction can't go through without a second-step approval. |
Keep up to date with your investments. | Keeping up to date with your investments is a MUST! You never know when a project will develop and the token will change. An example is SafeMoon V2, which was a migration process from V1. You need to be aware of such events to keep your assets secure. |
Ignore any support accounts and do not click on any links. | A lot of Tokens and Coins don't have any support team! You will find on social media that there are a number of accounts that appear to be support accounts, which isn't the case, especially when it comes to SafeMoon. SafeMoon does not have any support accounts, so if you receive contact from one, please BLOCK and REPORT. |
Check all live connections through your wallet. | When you are looking to purchase crypto, in most cases you use DApps and Wallet Connect. As such, you will want to make sure that you disconnect from DApps in the Wallet Connect section. In addition, when you interact with a contract you have to create what is called an allowance, and you'll want to revoke that permission afterwards to make sure no risks to your wallet are left open. |
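To illustrate the allowance mentioned in the last practice, the following added example (not from the original article) decodes the data of an ERC-20-style `approve(spender, amount)` call so you can see whether a transaction grants an unlimited allowance, grants a limited one, or revokes it. It assumes the token follows the standard ERC-20 `approve(address,uint256)` interface, which the article does not specify; the function names and the sample spender address are constructed for illustration.

```python
# Added example: classify ERC-20-style approve() calldata before signing.
# Assumes the standard approve(address,uint256) interface (selector 0x095ea7b3).
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")
MAX_UINT256 = 2**256 - 1


def classify_approval(calldata_hex: str) -> dict:
    """Decode approve(spender, amount) calldata and label the allowance it sets."""
    raw = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if raw[:4] != APPROVE_SELECTOR:
        return {"kind": "not-an-approval"}
    if len(raw) != 4 + 32 + 32:
        raise ValueError("approve() calldata must be 4 + 64 bytes")
    spender_word, amount_word = raw[4:36], raw[36:68]
    # An address is 20 bytes, left-padded with 12 zero bytes to a 32-byte word.
    if any(spender_word[:12]):
        raise ValueError("spender address word is not zero-padded")
    spender = "0x" + spender_word[12:].hex()
    amount = int.from_bytes(amount_word, "big")
    if amount == 0:
        kind = "revoke"      # allowance set back to zero
    elif amount == MAX_UINT256:
        kind = "unlimited"   # spender may move any amount of this token
    else:
        kind = "limited"
    return {"kind": kind, "spender": spender, "amount": amount}


def build_revoke_calldata(spender: str) -> str:
    """Calldata that sets the spender's allowance back to zero."""
    addr = bytes.fromhex(spender.removeprefix("0x"))
    if len(addr) != 20:
        raise ValueError("spender must be a 20-byte address")
    return "0x" + (APPROVE_SELECTOR + addr.rjust(32, b"\x00") + bytes(32)).hex()


# Constructed sample data: a made-up spender address, not a real contract.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    print(classify_approval(SAMPLE_UNLIMITED)["kind"])
    print(classify_approval(build_revoke_calldata(SAMPLE_SPENDER))["kind"])
```

An "unlimited" result is the case worth pausing on before approving, and the revoke calldata is the same call with the amount set to zero.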
While you'll never be able to stop malicious people from collecting or stealing information or financial payments, you can reduce the risk as much as possible, and that begins with following the best practices above. If you'd like to learn more about security, you can check out our Security Tips Page.