Earlier, we discussed the four steps that social engineers use to penetrate a corporation’s online security. These same steps are used to attack personal security in online settings. One method of social engineering known as “spear phishing” uses the social engineering cycle as described by Mitnick and Simon. Spear phishing involves an email that appears to be from an individual or business known to the victim, and either solicits information or asks targets to click on a link, which redirects them to another website which loads malware onto the victims computer.
However, not all uses of social engineering are as finely tuned as spear phishing attacks. Mass email phishing scams have been the scourge of inboxes for decades. The most famous of phishing attacks has been the Nigerian 419 scam, which makes false promises of future profits to convince the target to send funds to the attacker. These scams thrive on the idea that the larger the number of recipients, the more likely the scammers will receive a response.
Simple ways of avoiding both kinds of phishing attacks include:
- Never disclosing personal information through email. Very few companies, especially financial institutions, ask for this information through an insecure email account
- Never clicking on a link in an e-mail. Instead, enter the URL manually into the browser to avoid redirection to another website
- Contacting the person or entity using a trusted phone number to verify emails independently when in doubt