Social engineering

When it comes to cybersecurity, the human factor can be even more significant than malware. There are a variety of human failings that make people part with their money more and more often these days. This is no secret and it is certainly nothing new: there have always been scammers and they have always been good at gaining people’s confidence. The difference is that while in the past this required personal communication, all it takes now is to use social networking. The method used by fraudsters to obtain sensitive information is called ‘social engineering’. This is a subtle psychological game that can only be won if the person playing it knows and follows certain basic principles. To avoid falling for a scammer’s tricks, you need to stick to some simple rules.

The main recommendation is not to add people as friends on social networks if you do not know them personally. This is not always possible, because sometimes people gain new friends through their professional or social activities. With time, virtual communication may evolve into a close friendship or fruitful collaboration. However, it is not unusual to receive a friend request from someone who is really only interested in your bank account. You need to keep this in mind when considering a new request. Do not hesitate to ask ‘awkward’ questions about your common acquaintances and the other person’s reasons for sending you a friend request. And be sure to examine the personal pages of your potential friend. If they mostly feature quotations, reposts or impersonal images, have few ‘live’ statuses and no meaningful personal information, it hardly makes sense to clutter up your news feed with information posted by such ‘friends’. Even if they do not reach into your wallet, they can still spam you. They can also try to use you as a means of getting to your more affluent peers. This should be kept in mind, too.

A very common social engineering based scam is carried out by registering a fake account. For example, you may have a friend who is not very active and rarely writes anything online. At some point, you may unexpectedly receive a new friend request from that person. You may read on your friend’s wall that their previous page was hacked or some other similar explanation. It doesn’t matter exactly what it is, the important thing is that the friend request may very well have been sent by somebody else. To avoid this kind of situation, try to use several different channels to communicate with your friends, in addition to that social networking account of yours. If personal communication is not possible, you can use any third-party messaging system. Sometimes one telephone call is enough to dot all the i’s. Be sure to ask your friend why they created a new account, but don’t do this by sending a personal message to that account. If the account was set up by scammers, they would have collected enough information about you to know some details of your relationship with your real friend. In other words, the fraudsters could trick you into thinking they are indeed your friend.

One more important point: remember that nothing you post online is secret. If you post a picture in which your credit card number can be made out and then happen to play an online game that involves answering a question about your mother’s maiden name or your pet’s name, scammers could then call your bank and, using your name, answer the bank’s secret questions and gain access to your account. Or they could use the information you posted online to talk to you and find out anything they wanted to know about you.

Watch out when talking to people using Internet messengers. Any messages from your friends that sound unusual should put you on your guard. Even a simple request to lend your friend some money (for example, by topping up a mobile phone account) should be verified by personally talking to your friend or using an alternative communication channel. It is not a good idea to answer any personal questions asked on a social network if those questions come unexpectedly rather than as part of a conversation. For example, be wary if you haven’t heard from somebody for a week and that person suddenly asks you about your relatives, your pet or some other subject that would normally only come up in a longer conversation.

These are simple rules, but we often neglect them – to the advantage of scammers. As long as we continue to treat these rules lightly, the human factor will remain a major threat to cybersecurity, and it is something no anti-malware program can possibly mitigate.
