You often hear of hackers using advanced technology to gain access to your computer, steal your identity and make money at your expense. And so we've been taught to protect ourselves with the latest technology that rivals the hackers' tech. But what we don't often hear is that it does not matter how good your technological defenses are.
The human brain is almost always the weak point in anyone's cyber security efforts. Some hackers have gone low-tech, using various social engineering tactics to defeat otherwise impenetrable tech barriers. A prominent form of social engineering is phishing, where hackers will send you an email or route you to a webpage that appears to be legitimate. This might be a website that looks identical to your online banking login page, or an email that you're certain came from your cell phone provider; but if you look closely, you'll notice the URL isn't quite right, or the email address doesn't match who the sender claims to be. Our brains often overlook these details, because logging in to your online banking or getting emails from companies you do business with are far from unusual activities. If the website or email looks familiar, chances are you won't think twice before entering your password. Now you've given the hacker your banking password, and your advanced technical cyber-defense did nothing to stop it.
Social engineers will send out mass emails with built-in phishing attacks. Not every recipient will fall victim, but some will, and all the hacker has to do is sit back and wait. Moreover, some social engineering attacks do not even rely on imitating familiar websites or email templates; sometimes all it takes is the promise of a large payout, and the victim is hooked.
Stay alert and be mindful of details like the URL of the webpage you are on or the sender of the email. If something sounds too good to be true, it just may be.
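The two details named above, the URL and the sender's address, can also be checked mechanically. The following is an added example, not part of the original article: the brand names, the `.example` and `.test` domains and the `TRUSTED` list are constructed, and taking the last two labels as the registrable domain is a simplifying assumption (a real tool would use the Public Suffix List).

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list: brand shown to the user -> domain they really deal with.
TRUSTED = {"Example Bank": "mybank.example", "Example Mobile": "mymobile.example"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Assumption: the registrable domain is the last two labels of the host."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_url(url):
    """Classify a link as 'ok', a lookalike of a trusted domain, or 'unknown'."""
    host = urlsplit(url).hostname or ""
    dom = registrable(host)
    if dom in TRUSTED.values():
        return "ok"
    for good in TRUSTED.values():
        # Near-miss spelling, or the trusted name buried elsewhere in the host.
        if edit_distance(dom, good) <= 2 or good.split(".")[0] in host:
            return f"lookalike of {good}"
    return "unknown"

def check_sender(from_header):
    """Flag a From header whose display name claims a brand its address does not match."""
    name, addr = parseaddr(from_header)
    dom = registrable(addr.rpartition("@")[2])
    for brand, good in TRUSTED.items():
        if brand.lower() in name.lower() and dom != good:
            return f"display name claims {brand} but address is @{dom}"
    return "ok"

if __name__ == "__main__":
    # Constructed sample inputs.
    for url in ("https://www.mybank.example/login", "https://mybannk.example/login",
                "https://mybank.example.account-verify.test/login"):
        print(url, "->", check_url(url))
    print(check_sender('"Example Bank Support" <alerts@mybank-security.test>'))
```

A result of "unknown" only means the domain is not on the list; it is not a verdict that the link is safe.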
The Nigerian prince scam is the most infamous example of a frequent social engineering attack known as phishing. “[Phishing attacks] tend to be generic and not targeted,” says Prof Harris. They rely on victims carrying out instructions, often with the offer of a payout in return. While unsophisticated, it is easy to send large numbers of these emails at once: if even a few victims offer their details, phishing can prove lucrative for scammers.