How to Recognize a Social Engineering Attack
Posted by: Tony Bradley
The rogue AV scareware attacks against Mac OS X and the disclosure of a ‘cookiejacking’ attack that could compromise sensitive account credentials have one thing in common: social engineering.
These attacks generally have a technical element as well. The latest variants of the Mac scareware take advantage of a setting in Safari to automatically open “safe” files, and the ‘cookiejacking’ attack uses a weakness in the security zones protection of Internet Explorer. But, technical component aside, these attacks rely on somehow convincing the user to do something through social engineering.
A post on the Windows Security Blog focused on the ‘cookiejacking’ attack explains, “This is a form of social engineering attack and these kinds of threats will remain a concern for Internet users on all browsers. Software vulnerabilities are not needed for these kinds of threats to be successful so it is always a good idea to follow best practices – regardless of the browser you are using – in order to stay safe.”
The post offers six simple tips you can use to identify social engineering attacks and avoid becoming a victim.
- Odd messages from friends on social networking sites to participate in games or offers you must act upon immediately.
- Alarmist messages and threats of account closures.
- Promises of money for little or no effort.
- Deals that sound too good to be true.
- Requests to donate to a charitable organization after a disaster that has been in the news.
- Bad grammar and misspellings.




