- Phishing: It is characterized by searching for personal information, names, addresses and security numbers. It uses links that redirect to suspicious sites, with URLs that seem to be legitimate and messages that manipulate the user.
- Vishing: It is an attack in which a false scenario is created to obtain personal information, it is done through phone calls to verify your account information or text messages with promises of gifts or services in exchange.
- Baiting: It seeks to lure the victim with bait that can be juicy. This can be presented online or offline, on a physical device, such as a USB or computer, the device usually contains malware or a malicious link.
- Quid Prod Quo: In this attack a benefit is offered, but in this case it is through a service, in which the attacker pretends to be a support representative to offer fake IT assistance services, where they ask to uninstall the antivirus or install malware.
How to fight against social engineering?
- Be careful with the information: Be very careful with the information that is shared, especially personal information, because it is not possible to know into whose hands the information may get and its intentions; a piece of information that may seem simple, but often leads to sensitive or confidential information.
- Do not open links or suspicious links: lways validate the links sent to us from different sources, and if possible use a tool that analyzes the link (https://www.virustotal.com/gui/home/url) or google the main part of the link, as these can be confusing in certain cases, when characters belong to another language.
- Password policy: It is very important to have secure passwords, different for each account. The ideal is to activate the 2-factor authentication (if available for the account), additionally change them from time to time, because sometimes password databases are leaked and your password may be among them.
- Verify the websites’ security:
At this point, it is vital not to put important information on websites that do not have the padlock icon or HTTPS Before visiting a new website and exposing personal information, verify that it is secure.