Social engineering attacks: what they are and how to avoid them

Social engineering attacks are carried out through various channels:

• By email, through phishing attacks.
• By telephone, through a technique known as vishing, which consists of making phone calls impersonating a person or company to obtain confidential information from victims.
• Through social networks, a channel through which cyber-criminals often manage to extort money from Internet users.

• Through external drives, such as USB. Attackers infect these physical media with 'malware' and then deposit them near a company's premises so that even the most inquisitive employees can insert them into their computers. This technique is known as baiting.
• By text message (smishing), an attack in which they also impersonate a company and with which cyber-criminals mainly try to get victims to click on a link, call a telephone number or respond to the message.

Unfortunately, there are too many examples of social engineering attacks. A large number of companies have suffered phishing attacks from cyber-criminals, through one channel or another.

For this reason, it is very important to always be alert and develop appropriate behavior when using any type of device and/or computer:

1. Do not reveal personal information or confidential data (credentials, credit card numbers, bank accounts, etc.) by phone, email or instant messaging services.

2. Be careful when sharing information. Avoid exposing yourself on the Internet and social networks by publishing personal information (phone number, address, habits, etc.). This information makes it easier for cyber-criminals to work.

3. Check the attached files. Don't download them if you don't know their content, even if they come from a known contact.

4. Always install and update an antivirus on all devices.

5. Common sense and caution are the best allies in the defense against social engineering.

Knowing how to identify social engineering attacks is essential for good online security.