It was a busy day at work when Vincent Chang received an e-mail from his ex-boss. He wanted Chang’s help testing a new website by clicking on an attached URL. The site promised a bunch of online materials that would benefit both of them at work. Chang did so, only to find the URL leading to a dead web page.
This opened Chang up to more suspicious e-mails throughout the week. To Chang’s horror, his former superior said that he hadn’t sent anything. The e-mails were from a practiced Trend Micro researcher named Ryan Flores.
Vincent Chang isn’t just your average Joe suffering from a social engineering attack – he’s our ex-Senior Tech Writer, and now a correspondent for the technology columns in The Straits Times, Singapore’s broadsheet. To make matters worse, the researcher had left tell-tale signs in the e-mail. Chang also had advance warning, since he had requested the test of his cyber defenses.
Social engineering uses privileged information and psychological manipulation to gain leverage or unauthorized access. Within the cybersecurity realm, it uses a host of tricks to fool its victims, and the threat is personalized by pretending to be a legitimate contact or website. What makes social engineering dangerous is its ability to use offline emotions and trust to break into the online realm. The hacker toys with the human mind until it gives away hard-earned digital cash.
According to the FBI, social engineering attacks cost US$2.3 billion worldwide from October 2013 to August 2015. Closer to home, bank and parcel phone scams cost victims more than S$1 million within Singapore, while Malaysian authorities arrested and released 20 such fraudsters, citing lack of evidence despite Taiwanese scammers being responsible for losses totaling S$1.54 million.
1. Avoid giving out your personal info on scammy sites
If a scammy site promises to give you the secrets to getting rich quick while asking for your personal details, it’s probably a scam.
2. Look closely at the URL
Malicious sites can look almost identical to the real thing, with similar URLs like www.the-facebook-real-news.com. Don’t be fooled; bookmark the real thing to stay safe.
3. Don’t be intimidated by threats
Calls or e-mails pretending to be from the police, the delivery guy, or even your mother are among the many scams out there. Stay calm, and verify the call through another mode of communication.
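Tip 2 can be automated. The following is an added example, not part of the original article: it compares a link's hostname against a list of bookmarked domains and flags hosts that merely contain a bookmarked brand name. The `BOOKMARKED` list and the function names are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for the reader's own bookmarks (assumption).
BOOKMARKED = {"facebook.com", "trendmicro.com"}


def hostname_of(url: str) -> str:
    """Return the lowercase hostname, accepting links written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_bookmarked(host: str) -> bool:
    """True only for a bookmarked domain itself or a real subdomain of it."""
    # The leading dot matters: "notfacebook.com" ends with "facebook.com"
    # but is a different domain, so it must not match.
    return any(host == d or host.endswith("." + d) for d in BOOKMARKED)


def check_url(url: str) -> str:
    """Classify a link as 'bookmarked', 'lookalike', 'unknown' or 'invalid'."""
    host = hostname_of(url)
    if not host:
        return "invalid"
    if is_bookmarked(host):
        return "bookmarked"
    # Brand word = first label of each bookmarked domain, e.g. "facebook".
    brands = {d.split(".")[0] for d in BOOKMARKED}
    # Drop hyphens and dots so "face-book" and "the-facebook-real-news" match.
    squashed = host.replace("-", "").replace(".", "")
    if any(brand in squashed for brand in brands):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in ("www.the-facebook-real-news.com",
                 "https://m.facebook.com/login",
                 "https://example.org/"):
        print(f"{check_url(link):10} {link}")
```

A "lookalike" result means the link borrows a known name without belonging to that site; "unknown" is not a verdict of safety, only that the host matches nothing on the list.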