The Social Engineering Attack Cycle: How Hackers Gain Your Trust

Know how criminals get information to steal your data?  From social engineering that’s how! If you’re not aware of the social engineering attack cycle and how a managed service provider (MSP) can help your business, read on. 

As part of the social engineering attack cycle, criminals spend a lot of time looking for your weaknesses using all kinds of methods. Not easy for the average business to stop them all by themselves. Happily, you don’t have to be an expert on the social engineering cycle to protect your business. A good MSP will train your team on how to prevent phishing attacks and other cyber security risks.

>>Avoid falling for phishing attacks with our free cheatsheet.

How Cyber Criminals Use Social Engineering to Gain Trust

Step 1. They gather information.

Don’t make it easy for them. Cyber criminals spend a lot of time and resources on social engineering techniques: phishing or trying to “friend” you on social media. They look at the photos you have posted, the places you’ve been. They  scrutinize them looking for something that cracks open a door for them to get in.

Step 2. They establish a rapport or relationship with you.

Once criminals have gathered enough information, the next step is to try to build some sort of relationship with you. They do this through social media, email, phone calls, texts or some other other method. That initial contact will often seem innocent, but it’s not. It is a step to something more sinister and criminal.

Step 3. They exploit the relationship.

Once criminals create some sort of relationship with you, they then try to hook you by sending you what looks like a legitimate link about something you have an interest in. They may also try to trick you into giving them your email or password. This step requires you or your employees to take some action: Fortunately, it also represents a great opportunity for training to make a big difference. 

Step 4. They execute the crime.

Bingo! You are hacked, scammed or breached and you may not even know it. In fact, you might even think you’ve done something good for someone else. By the time you realize it, damage has already been done and the criminal has cleaned up his fingerprints and made sure he leaves no trace behind.

The Social Engineering Cycle in Action

Not sure what the social engineering attack cycle might look like in real life? Picture this: You go out and have a great time at that Italian restaurant on the lake. The food is so good, the ambiance so wonderful,  so you decide to post a photo on all or one of your social media accounts:  Facebook, Instagram, Twitter or another social media platform.

Hackers will love you for this. It’s catnip to them. Believe it or not, cybercriminals can get a lot of information from these remembered moments. They can even trick you into contacting them and thereby finding out everything about you and your contacts.

For example, the hacker might pretend to be the manager of that restaurant. Because you’ve been so enthusiastic about their facility and shared your enthusiasm, they thank you for your patronage by sending you a link to some discounts. Don’t click on those links or respond. It’s just a phishing expedition that will lead to trouble.

Here’s another scenario: Consider those photos taken while you’re out at lunch with coworkers, all wearing your work badges. Photos like that or ones taken at your office desk are also rife with information. Hackers can zoom in on your badges, or on the computer screen in the background, even on a Post-it note which is in the frame. Post carefully and scrutinize the photo from several angles. 

Protect Your Cyber Security on Social Media

Thanks to social media, there is a plethora of information out there that cyber criminals can leverage. Make yourself a harder target with these tips:

1. Take a look at what you share, especially photos, and make sure there are no hints about you included; even ones that might seem insignificant.
2. Trust no one who offers you a freebie. Remember nothing is really ever free.
3. Never lend your knowledge about something to others on social media. Even if you personally know them, be wary and if you really want to share, do it another way of sharing without doing it on the internet.

If your social media account is hacked:

1. Check all your financial accounts. This is where criminals can do the most damage, so start here. If you see any suspicious behavior, report it and lock down the accounts. Notify your banks and credit agencies. Change your login credentials. The new password should be long and difficult to guess, and not one that has been used before on any account. 
2. Change your passwords for all social media sites as well, starting with the one that was compromised. 
3. Alert your social network about the hack. Your hack could give criminals a way to establish rapport with your friends and compromise their accounts.
4. Think about what accounts you may have used your social media account to log into (that “Login with Facebook” button). Change those account credentials and disable the “login with” feature. Individual passwords are more secure.

Here at Aeko Tech, we know all the tricks these hackers and cyber criminals use because we keep up to date with their techniques. So contact us or book a meeting, virtual or in person. There’s no obligation and no sales pitch, just a conversation about the right approach to IT support and cyber security for your business.