On Tuesday April 28, 2020, we featured the President, Nigeria Computer Society, Professor Adesina Sodiya who bemoaned that ‘Most Nigerians are still not conversant with Social Engineering threats’.
In that article, Prof. Sodiya said that as critical as this period is, it is quite alarming that cybercrimes are on the increase.
But, what is social engineering attack?
Prof. Sodiya speaks:
“Socially engineered strategies have been adopted to perpetrate many attacks on innocent citizens during this lockdown.
“Socially engineered attacks involves psychological manipulation of targets to trick them into releasing sensitive information. It refers to the methods use to get victims to take some sort of questionable actions, often involving a breach of security, the sending of money, or giving up private information.
“Perhaps the name might sound appealing, be assured that it is not! In simple terms, social engineering may be described as the fraudulent activities conducted by cybercriminal to exploit computer users. Social engineering is really about hacking the minds”.
The President of NCS, also offered five (5) tips to stay ahead of Social Engineering attacks:
1. Turn your spam filter on. A lot of social engineering happens via email so the easiest way to protect against it is to block spam from making its way to your inbox. Legitimate emails will sometimes end up in your spam folder, but you can prevent this from happening in the future by flagging these emails as “not spam,” and adding legitimate senders to your contacts list.
2. Learn how to spot phishing emails. Talented scammers spend a lot of time spoofing emails to look like the real thing, but with a little due diligence you can easily spot the spoofs.
- The sender’s address doesn’t match the domain for the company they claim to represent. In other words, emails from PayPal always come from [email protected] and emails from Microsoft always come from [email protected]
- The sender doesn’t seem to actually know who you are. Legitimate emails from companies and people you know will be addressed to you by name. Phishing emails often use generic salutations like “customer” or “friend.”
- Embedded links have unusual URLs. Vet the URL before clicking by hovering over it with your cursor. If the link looks suspicious, navigate to the website directly via your browser. Same for any call-to-action buttons. Hover over them with your mouse before clicking. If you’re on a mobile device, navigate to the site directly or via the dedicated app.
- The email has typos, bad grammar, and unusual syntax. Does it look like the email was translated with Google Translate? There’s a good chance it was.
- The email is too good to be true. Advance-fee scams work because they offer a huge reward in exchange for very little work. But if you take some time to actually think about the email, the offer is fake or outright illegal.
3. Turn macros off. Turning off macros will prevent malware-laden email attachments from infecting your computer. And if someone emails you an attachment and the document asks you to “enable macros,” click “no,” especially if you don’t know the sender. If you suspect it may be a legitimate attachment, double check with the sender, and confirm they sent you the file.
4. Don’t respond. Even as a joke, don’t do it. By responding to scammers, you demonstrate that your email is valid and this will exacerbate the matter as they will just send you more. The same goes for SMS text message and call scams. Just hang up and block the caller.
5. Install a good cybersecurity program. Mistakes happen. If you click a bad link or malicious attachment, your cybersecurity program should recognize the threat and shut it down before it can do any damage to your device.
He further disclosed that Nigeria Computer Society (NCS) is planning to seek for the support of National Informational Technology Agency (NITDA) to develop a robust and integrated security awareness programme in the Nigeria.
“Fortunately, NCS has vibrant chapters in all the state of the federation. We believe that the security awareness programme will go a long way in safeguarding digital and physical assets of individuals, governments and corporate organizations”, he said.