In this chapter, we will focus on the most common form of cybercrime: social engineering.
What is social engineering?
This is a type of attack that relies on interactions between humans instead of computers. Because humans are the weakest link in any security system, a cyber-criminal can get a victim to reveal personal information over the internet.
Sade has been talking to this fresh guy she met on Facebook. They got very close and in no time, emotions set in. This made Sade tell the guy everything about herself. A few days later, Sade ran into her friend, Bola. After catching up, Bola asked about her mum’s health and the operation she had had. Sade was confused because her mum never had surgery. Bola reminded her about the Instagram message she had got from Sade, telling her to urgently send money to her cousin’s account and not to bother calling her number as it was currently unreachable.
Sade was shocked and asked her friend to send the supposed account details. To her surprise, the account details carried her fresh Facebook lover’s name.
The first question is, how was he able to log into her account?
Let us analyze it:
She gave too much information to her Facebook lover. Please note that I do not have an issue with having an online lover, but the amount of information you share is crucial. Every little piece of information can be used effectively to compromise you.
Guess Sade’s password? Deji@1992. Deji is her first boyfriend’s name and 1992 is her birth year. The most used special characters are @ and the exclamation mark (!), and maybe the full stop (.). Cybercriminals don’t need sophisticated equipment to guess some passwords; they can easily extract them from an individual.
When Sade’s friend got the message with the odd request to send money to another account, she should have taken time to confirm the source of the message. Such a cyber-criminal can send spam messages to a lot of people in the contact list, and at least one of them will fall for it.
When to Act
If you notice (or get notified about) changes to your account that you didn’t make, it’s time to do something.
What kind of changes?
- Your personal information gets updated: Birthday, email, password, etc.
- If you notice an influx of new friends that you didn’t send requests to, something is wrong.
- People are getting messages you didn’t send: someone tells you they got a message from you, and you know you didn’t send it.
- You see unknown published posts on your account.
- If someone you know sends an email to you but the message seems odd, their account may have been hacked. Don’t reply to the message or click any links unless you can confirm the email is legitimate.
How to avoid social engineering
- That cute guy you chat with on Facebook, stop giving him unnecessary information. Stop it in Jesus Name!
- That old friend that suddenly starts asking questions, stop giving him unnecessary information.
- Avoid being too emotional about your safety
- When you notice unusual or suspicious actions in your account, change your password immediately
- Enable two-factor authentication
- Create a strong and secure password
- Use unique passwords for every account
- If asked to create answers for security questions, consider using fake answers to make them even more difficult to guess.
PASSWORD: My best Password practices
- Strong passwords are good, but only when combined with other measures such as two-factor authentication
- Creating a password: use capital letters + special characters + numbers
- The longer the better
- We usually recommend a change of passwords at least every 3 months
- Make your passwords hard to guess but easy for you to remember
- Never reveal your passwords to others.
- If strong passwords are too complicated to remember or users are forced to change them too frequently, people won’t be able to memorize them and will start making notes in one form or the other, thereby undermining even the most sophisticated security tools.
- Avoid saving or writing down your passwords
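The Deji@1992 analysis above, as an added example (not part of the original chapter): a Python check that a sign-up or password-change form could run to reject passwords built from details the user has shared. The function names, the look-alike table, the sample facts and the 8-character threshold are assumptions made for this illustration.

```python
import re

# Assumed look-alike substitutions people use to "strengthen" a word.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s"})

def personal_tokens(facts):
    """Words and numbers (lower-cased) from details the user has shared."""
    tokens = set()
    for fact in facts:
        for part in re.findall(r"[A-Za-z]+|\d+", fact.lower()):
            if len(part) >= 3:
                tokens.add(part)
            if part.isdigit() and len(part) == 4:
                tokens.add(part[2:])  # 1992 is often shortened to 92
    return tokens

def audit_password(password, facts, min_unknown=8):
    """Blank out every personal detail found in the password and count
    what is left. min_unknown is an assumed threshold, not a standard."""
    work = password.lower()
    found = []
    # Longest tokens first so "1992" is consumed before "92".
    for token in sorted(personal_tokens(facts), key=lambda t: (-len(t), t)):
        while True:
            # Digits are matched literally, words after undoing look-alikes.
            haystack = work if token.isdigit() else work.translate(LEET)
            pos = haystack.find(token)
            if pos == -1:
                break
            work = work[:pos] + "\0" * len(token) + work[pos + len(token):]
            if token not in found:
                found.append(token)
    unknown = sum(1 for ch in work if ch != "\0")
    return {"personal": found, "unknown_chars": unknown,
            "ok": unknown >= min_unknown}

if __name__ == "__main__":
    # Constructed sample: the details Sade shared in the story above.
    facts = ["first boyfriend Deji", "born 1992"]
    for candidate in ["Deji@1992", "D3j!1992x", "copper-lantern-orbit-47"]:
        print(candidate, audit_password(candidate, facts))
```

A result of ok only means the password is not built from the listed details; length and a unique password per account still matter.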
To be continued