NordVPN researchers have compiled survey results to get to the bottom of how much social engineering affects our online habits. Just how many of us have fallen victim to a socially engineered scam? What can we do to avoid falling for them again?
Social engineering is a method in which a scammer will try and entice or trick a victim into doing something that might compromise their security. Whether it’s accidentally revealing their real name and address or unwittingly giving away sensitive banking details, social engineering scams look to gather as much incriminating information as possible.
Once the ill-gotten data has been collected, it can be repurposed for a whole suite of criminal activities, like online identity fraud or blackmail. Socially engineered attacks are insidious in nature and specifically created to look as legitimate as possible.
Socially engineered scams come in many forms but all have one thing in common: they’re faking legitimacy. Whether masquerading as a government agency or a bank, a socially engineered scam will try their hardest to fool the victim. Their efforts can go as far as recreating a banking website or login page to trick a victim into willingly entering important login details.
A lot of social engineering scams rely on a phishing email to initiate operations. The purpose of a phishing email is to get the recipient to click on a link that leads to a malware-ridden website or unwittingly download a virus.
The point of a social engineered attack is to get you to follow a link or sign up to something. The best way to recognize a socially engineered attack is to analyze the language of the message. Is the language desperate? Does the message imply there’s a time limit to whatever request it’s asking for? Does the message sound urgent? Remember that most banks will never text you and ask for your login credentials. In fact, any text message or email you receive that requests any kind of login details is probably best suited for the trash bin.
NordVPN researchers wanted to find out just how much social engineering has affected Americans. In a survey of just over 1,000 people, we came to some interesting and somewhat alarming results.
While only 46% of Americans have heard of the term “social engineering,” they certainly recognize the types of attack that utilize this methodology. When the data has been further broken down, here are the types of socially engineered attacks that Americans have experienced.
With over 300 billion emails sent every year, it’s become increasingly difficult to identify malicious messages. Over a quarter of people surveyed have fallen for phishing attempts, and here’s what they lost:
With some of the attacks originating from work computers, it’s the responsibility of employers to educate their workers with up-to-date cybersecurity measures.
Despite social engineering scams becoming more widespread, public knowledge on the matter is unfortunately lacking. In fact, while just over half of the people surveyed could understand the threat of social engineering, an alarming 31% thought “social engineering” referred to a job title at a social media platform.
Luckily, however, not all is lost on the cybersecurity front. While the methodology of social engineering isn’t widespread knowledge, the threat of phishing is certainly becoming infamous.
Just over two-thirds of Americans surveyed know of phishing, with 85% able to properly define the term. Unfortunately, 6% believed phishing was a form of illegal fishing, and 5% believed phishing was a type of dance move.
Nonetheless, the results show that more than half of those surveyed know of the cybersecurity threat and what to do to avoid phishing attempts. Here are some of the measures that people indulged in to protect themselves.
PRO TIP: If someone tries to create a sense of urgency — “claim this prize now before time runs out!” — be on your guard. This is a classic technique used by social engineering attackers to stop you from questioning their claims.
To stay ahead of socially engineered attacks, you need to first recognize the signs. Once you pick up on the illegitimacy of the attack, you can send all attempts straight to the trash bin.
The best way to stay safe from any online threats is to maintain healthy, everyday cybersecurity hygiene. This means keeping all your software up to date, using strong anti-virus software, and investing in a VPN. Of all the people surveyed, only 1 in 5 used a VPN to protect themselves online.
NordVPN doesn’t just keep your online activity hidden from prying eyes, it also comes bundled with the Threat Protection feature. With Threat Protection active, you’ll automatically block invasive ads and even prevent malware-ridden websites from loading altogether. It’s the perfect tool to combat website-phishing.