In the last couple of years, there’s been an increase in the number of targeted attacks. Nowadays, hackers take the time to learn about their victims and personalize their approach.
According to Verizon’s Data Breach Investigations Report from 2019, phishing causes a total of 32% of all data breaches. Email phishing is the most popular method for hackers to take advantage of social engineering. But they also have a few other tricks up their sleeve.
Here are the five most dangerous social engineering threats to watch out for.
1. The Suspicious @ Symbol
The suspicious @ symbol is one of those phishing tricks that users rarely notice because they don’t pay much attention to URL structures. It is easy to fall for phishing frauds if you don’t take a second to check the URL before clicking on it.
URLs with too many @ symbols have most likely been tampered with. It means they could lead to fake or suspicious websites. @ symbols often appear in URLs to grant secured permission to a website. But hackers also use this trick to lead people to malicious pages.
2. Malicious Encoding
URL encoding is one of the most popular strategies hackers use to trick people into clicking on dangerous links. There are plenty of tools that allow UTF8-Hex conversion. It is a routine that converts regular characters into scrambled symbols. Such a link might not look dangerous, but you cannot know what’s hiding underneath it.
If you hover over the link with your cursor, you can see its original decoded form and spot the potential danger. But it only works if you use a PC. Those who use mobile email apps or search engines can’t see the decoded form.
OSINT stands for open-source intelligence. It is a method that includes collecting and analyzing personal data to customize and target cybersecurity attacks. Hackers use open source intelligence, such as information everyone provides on social media, to learn more about their targets. Then they come up with ways they can exploit them.
If you become a potential target of a social engineering attack, the hacker will find information that relates to your interest and activities. Then they create an approach as believable as possible. For example, they could pose as staff members of hotels or bars you have recently visited. They would invite you to take action and reveal personal information.
4. SMS Forwarding
In general, two-factor authentication is a good security measure for preventing unauthorized access. But hackers can use SMS forwarding and other social engineering tricks to bypass this obstacle. The easiest way to do this is to send the target an SMS posing to be their mobile carrier. The text would usually ask the user to click the link and log into their mobile carrier account. They would ask to check “updated terms” or refresh personal information.
Once the user does so, the hacker receives their login credentials. They can use the latter to access their real mobile carrier account. The hacker would then enable the SMS forwarding feature to receive all 2FA messages sent to the user’s device. With this data, hackers can access any sensitive account from social media to financial systems.
5. Phishing Post
Finally, phishing attacks don’t have to be limited to online activities only. In fact, some hackers still use the traditional post to lure people into revealing sensitive information.
They start by setting up a fake website dedicated to an event that the target would likely want to attend. Then they find the target’s physical address and send them a VIP invitation in the mail. It asks to scan a QR code to learn more information about the event. As you may have guessed, the code contains a malicious link that leads to a dangerous phishing site.
While you cannot secure a QR code before scanning it, you can always search for the event on Google to check if it is real or a scam.
Secure Your Online Experience
All malicious phishing attempts rely on the user’s lack of knowledge and attention while using the web. Luckily, if you pay attention to links and emails you receive, you can prevent falling for social engineering attacks.
To reveal fewer details about yourself that scammers could use, also consider installing NordVPN. It encrypts your browsing data and traffic. This way, it stays hidden from hackers and third parties who could try to exploit it for malicious purposes.
Moreover, get antivirus software to scan all your downloaded files. And always be alert when reading emails, letters, or opening links anywhere on the internet. Better safe than sorry.