The human factor is the foremost of the factors that seriously threaten cyber security and make it easier to defeat security measures. Social engineering abuses the weaknesses of people rather than those of technical infrastructures and systems.
“The chain is as strong as its weakest ring. And here, the weakest ring is the human.”
Social engineering is a type of psychological attack that manipulates people into acting the way the attacker wants. It is the art of getting people to do things they normally would not do for a stranger: obtaining information by deceiving people rather than by using technology.
People believe the odds are a hundred to one against their being deceived. Attackers, aware of this common belief, present their requests very cleverly and exploit the trust of their victims without arousing any suspicion.
Deceiving, tricking and defrauding are concepts that have existed for thousands of years. Attackers have discovered, however, that applying these techniques in a digital environment is also extremely effective. To understand how the technique is used, it is useful to look at common present-day examples.
Although social engineering resembles fraud in its simple definition, it is a method that can be used to leak information or to infiltrate an information system. In this method the attackers generally do not confront their victims face to face, and the factor abused is not a system weakness but a human weakness.
To give an example of such a weakness: important and still-valid information about institutions and individuals can be obtained from documents that were thrown into the garbage of those institutions or individuals without being destroyed.
To protect yourself, the first thing you need to do is learn how to detect, prevent and stop social engineering attacks.
If you suspect that someone is trying to target you, never contact that person again. If they are trying to reach you over a phone line, hang up. If you are in an online chat, terminate the connection. If it is an e-mail from a source you do not trust, do not download the attachments and delete the e-mail in question. If you think your organization or workplace is under attack, immediately notify the workplace help desk or the relevant security experts. Screenshots taken at each of these stages will be very important in the follow-up process.
Check URL / Address: One of the most important ways to avoid being caught by phishing attacks is to check the address in the browser. A single changed character in the address bar, which is easy to miss, can lead to undesired consequences.
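The "single changed character" check above can be automated on the defender's side. The following is an added example, not code from the original article: it folds visually confusable characters to what a person perceives in the address bar and flags hosts that are one edit away from, or that merely embed, a constructed allowlist of trusted domains (the allowlist and the small confusables table are assumptions for this example).

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: the domains the user actually intends to visit (assumption).
TRUSTED_DOMAINS = {"example.com", "mail.example.com"}

# Small hand-built table of look-alike characters (assumption; a production
# tool would use the full Unicode confusables data).
CONFUSABLES = {"0": "o", "1": "l", "ı": "i", "ο": "o", "а": "a", "е": "e", "ѕ": "s"}

def host_of(url: str) -> str:
    """Extract the host name, tolerating a missing scheme ("example.com/login")."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def fold_host(host: str) -> str:
    """Map the host to the ASCII string a human would perceive in the address bar."""
    host = unicodedata.normalize("NFKC", host.lower())
    host = host.replace("rn", "m")  # "rn" reads as "m" in many fonts
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one dropped, added or swapped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url: str) -> str:
    """Classify a URL as 'trusted', 'lookalike' (warn the user) or 'unknown'."""
    host = host_of(url)
    if host in TRUSTED_DOMAINS:
        return "trusted"
    folded = fold_host(host)
    for trusted in TRUSTED_DOMAINS:
        if (folded == trusted                          # only confusable glyphs differ
                or folded.startswith(trusted + ".")    # trusted name buried as a subdomain
                or edit_distance(folded, trusted) <= 1):
            return "lookalike"
    return "unknown"
```

A "lookalike" result is the case to warn on: the address reads like a trusted one but is not it.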
Be Careful About Unreliable Sources: When you need to download a file, download it from reliable sources and, where possible, from the verified producers, and scan your computer for viruses regularly.
Perform Periodic Information Security Tests in the Organization: Employees of the institution should receive information security training periodically and be subjected to penetration (infiltration) tests. Antivirus software should be installed on all computers, and documents that are to be thrown away must first go through a paper shredder. Visitors to the institution must present their identity cards and must be accompanied by employees of the institution.
“The safest computer is the one that has no internet connection and that is shut down. However, there is a possibility that the attackers can go to the office and persuade anyone to turn on the computer.”