Introduction
Attackers can use various methods to collect data and learn about you. With this data, they can engineer attacks that manipulate you into giving your login details. In doing so, they can gain access to your accounts. This kind
of attack is known as a Social Engineering Attack.
Some attackers will tailor attacks to increase the likelihood of a successful attack by gathering information about the victim, while others rely on the curious nature of victims. Educate your child about the types of attacks to prevent them
from falling prey to these attacks.
An Example
These social engineering threats may not always be very obvious. Attackers trying to gather information can do it in inconspicuous ways, such as through the following image, taken from EpicReads. Note that this specific image may not be malicious and is merely an example of how attackers can gather information.
If your child sees these images and shares their answer to these questions, attackers would be able to figure out a range of dates for their birthday, and their favorite genre. This can be used as a way for attackers to build rapport with your child to learn more
information about them.
Children who are not aware of the dangers may choose to share information. This gives attackers the ability to effectively create scams or other attacks to trick you into revealing your login information. For example, they could contact your
child with the promise of free items for games they play.
With access to your child’s accounts, attackers may be able to impersonate them, trick their friends into giving up information, doxx them, or spread
malware to your child’s contacts.
Social engineering attacks can be very hard to spot. It is important to educate your child about social engineering so they can keep themselves safe even without your supervision.
Types of Attacks
Baiting
This type of attack relies on the curiosity of victims to infect systems with malware. It can happen through the use of physical media, where flash drives are left in obvious spots for the victim to
pick up and insert into their devices. When inserted into a device, malware is automatically installed.
Additionally, victims may be baited by the false promise of free items, given in exchange for personal information, such as their full name, address, or credit card details. Free items, especially when coming
from unofficial websites, are likely to be a scam. To learn about other dangers of online gaming, click here.
Children may act on curiosity or impulse, unaware that they are being tricked. They may unknowingly insert an infected thumb drive or enter personal information without realizing they are falling for an attack.
Phishing
This attack usually happens by creating a feeling of fear or excitement. The attacker tries to impersonate someone trustworthy and sends a link that prompts their victim to enter account details for a particular organization, which is then
sent to the attackers, giving them access to the victim’s account.
With this information, attackers can impersonate your child and attempt to phish their contacts. This can cause distress to your child, as they will have to reach out to their friends to inform them, in addition to resetting their passwords.
Children may not know the difference between a real and a fake link. They may enter their login information without realizing it is sent to the attackers.
Below is an example of a phishing email. Click on the image to see the reasons why it is a phishing email!
- The sender's email is misspelt "jaosn" instead of "jason".
- The content of the email is about answers for upcoming exams, which would make you want to click on it.
- The link is "http", which is not a secure website, and is vulnerable to attacks.
Want to test your skills even more? Click here!
Scareware
This attack relies on creating a sense of fear in victims. Often, the victim will see a pop-up banner that states something similar to:
Your computer may be infected with harmful spyware programs! Click here to download xyz program and remove it.
Clicking the link and installing the program results in malware being installed on the device, giving the attacker access to it.
Children may believe that their device is infected with malware. As they may fear getting into trouble with their parents, they may click on the link to try and resolve the ‘problem’ themselves, resulting in them
downloading malicious programs.
Additional Tips
Being wary and taking precautions will make it harder for attackers to successfully target you. Keep in mind the following tips:
- Use multi-factor authentication
- Be wary of offers that seem too good to be true
- Use anti-virus software and scan your device frequently
- Do not click on unknown and unexpected links and attachments
- Avoid sharing personal information with strangers online
Quick Quiz
Think you know it all? Test out your knowledge with this quiz! You can review the questions with explanations at the end.
