Social engineering is psychological manipulation, in the computer field, it consists of a series of maneuvers in order to obtain confidential user data to gain access to its assets.
The most common of these is the "identity theft" (Phishing), where someone through the imitation of an email or website, pressures some weakness of the user (fear, inexperience, curiosity, etc.) to obtain information of his/her accounts, passwords, or other data that can be used to scam.
There are other methods of social engineering associated with digital media such as:
- The Scareware: is a harmful program that is installed by the user himself when receiving a false warning that his equipment is in danger if he does not install it, in this case, again the fear for the loss of information or damage play a fundamental role.
- The Baiting: usually occurs when the user receives offers of products or free downloads but must register on a page, which takes their personal data to perform the scam, it also usually happens that the downloaded is infected from a malicious program that extracts the personal information.
What to do?
Given that these types of scams are based on user weaknesses, it is important to look carefully at the address of the sender or the website, as well as keep in mind, that a too good offer is probably not.
It is important:
- Use the Anti-phishing system if the platform used has it.
- Stay informed and guide those closest to you in basic security fundamentals against these types of threats,
- Regularly update programs and applications on devices.
- Use additional security measures such as 2-factor authentication, dynamic password generators or Tokens.
- Install a trusted antivirus and keep it updated.
- Be very cautious when opening attachments in emails and links of doubtful origin, as well as entering pages of doubtful promotions.
It is important to keep in mind that scams based on this process are permanently present in everyday life and it is up to each user to be proactive in these aspects.