Three Cyber Security Lessons to Learn from 'Inside Out'


I recently took my kids and nephews to see Inside Out, a Disney Pixar movie that explores the inner workings of the “voices inside your head.” I saw the movie twice in a seven-day span (because I’m a super fabulous mom/aunt/person); on the second go-around I started to analyze it way too much (because, seriously, twice in a seven-day span).

My analysis bore fruit when I started to think about how the emotions that were characterized in the movie — Joy, Sadness, Anger, Fear, and Disgust — are at play in our day-to-day lives, and how they often dictate our actions. Which then led me to think about how social engineers can manipulate our emotions, driving us to act and react in ways that are not necessarily in our best interests. (This exercise, by the way, was much more successful than my attempted analysis of Frozen because…well, let’s just let that one go).

So, turn your smartphone to silent, grab a bucket of popcorn the size of your head, and get ready for the Wombat Security triple feature…

Turning Social Engineering Inside Out: How to Use Your Emotions and Memories for Good Instead of Evil

1. Expect the unexpected

Sure, it’s a bit of a cliché, but this phrase is a mantra of sorts when it comes to cyber security and social engineering. Take phishing emails, for example. Fraudsters lure you in by using known brands and logos from companies you expect to hear from — Amazon, PayPal, eBay, etc. Little do you know, danger lurks below the seemingly trustworthy surface: Instead of taking you to a legitimate site, links route you to a look-alike website designed to capture your data for a hacker’s use. And rather than a real invoice, that attached file is loaded with malware or another dangerous piece of software that can compromise your device and your data.

It can be difficult — even for security-savvy professionals — to identify fraudulent and dangerous emails. That’s why you should always keep in mind that there may be more to a message than meets the eye.

2. Don’t let one emotion override everything else

Successful social engineers are students of human behavior, and they strive to use emotional responses for their personal gain. Fear is a big one to watch out for; phishing emails, smishing (SMS/text phishing) messages, and vishing (voice phishing) calls are often designed to incite panic and prompt you to act without thinking. Examples include alerts that your online bank account has been breached, claims that a friend or loved one is in need of immediate financial assistance, and warnings that you are facing a tax audit or court summons.

On the other end of the spectrum, fraudsters also try to engage you by preying on your happier emotions. These types of messages and calls often promise free gift cards, sweepstakes or lottery winnings, or access to pre-release music and movies.

Regardless of the approach, in almost all cases you will be asked to share personal information, such as login credentials, credit card numbers, or bank account details. Repeat after me: Every time an email, text message, or phone call you receive prompts you to reveal sensitive data, you need to activate a warning bell inside your head.

The simple truth is that most legitimate companies do not contact their customers and request personal data. When this happens, let logic override your emotions and disengage from anything that seems odd or suspicious.

3. Use it or lose it

Memories fade over time, so it’s critical that you make cyber hygiene a part of your regular routine. Use the best practices you’ve learned and apply them consistently. Even better? Initiate or participate in a security awareness and training program that offers continuous education and reinforcement. This will ensure that you stay on top of new techniques that hackers and scammers are using to trick unsuspecting users.

When you keep cyber security top of mind, you take an active role in protecting your personal and business information. That is the best way to prevent social engineers from gaining access to sensitive data and systems.

 
