
Social engineering as a Cyber Security threat

The human element has always been the easiest loophole to exploit in the digital world. In itself, social engineering is not a cyber attack but the art of persuasion: a psychological manipulation that either starts by gaining the victim's trust or uses threats to force the victim into taking malicious actions.


What is Social Engineering?

There are different definitions of what exactly social engineering is, but in the context of information or cyber security, below are some definitions and insights from renowned industry solution providers.

Kaspersky, a very popular security solution provider, defines social engineering as “… a manipulation technique that exploits human error to gain private information, access, or valuables.”

IBM, a renowned IT solution provider whose offerings range from software-based security solutions to hardware infrastructure, explains that social engineering “…manipulates people into sharing information they shouldn’t share, downloading software they shouldn’t download, visiting websites they shouldn’t visit” as well as “…making other mistakes that compromise their personal or organisational assets or security.”

How Social Engineering Works

As humans, we have certain traits that are similar and predictable. Bad actors capitalise on this behaviour to get sensitive information and gain unauthorised access to individuals' and companies' systems and infrastructure.

These traits include greed, fear and urgency, trust, curiosity, lack of awareness, impersonation of people in authority, and human error.

Greed: Humans (most of us) are forever in want of more. When an online advert shows an opportunity to gain a certain monetary value at no cost, or to win the latest gadget without any labour, people tend to jump at it, most of the time without checking its legitimacy, and as a result they get compromised.

Fear and Urgency: This is probably the most used method. Humans don’t like losing, so when a message or email comes in warning of an imminent loss and the need to act with urgency, people fall for this trick without verifying.

E.g. an email seemingly coming from your bank, asking you to visit a link and carry out a certain action or else lose your funds after a certain period.

Trust: Humans are trusting, and easily so. This has been exploited many times to gain unauthorised access, because the victim hardly suspects the motive of the trusted person until after he/she has been breached.

An example is a stranger asking for access to your personal device to attend to a seemingly urgent and pressing need while having an ulterior motive.

Curiosity: Curiosity, they say, killed the cat. Sometimes people have a certain level of knowledge of cyber security but still fall victim due to curiosity. This can be a result of how convincingly the message or social engineering trick is crafted.

Impersonation of people in authority: Some people have genuine respect for individuals in positions of authority, or are terrified of them. As such, they feel that any information or instruction coming from such individuals should be acted upon.

Lack of awareness: The need for continuous education about cybersecurity measures cannot be overemphasised. Individuals who are not aware of the techniques above tend to fall victim.

Some Examples of Social Engineering Techniques

Phishing: This is probably the method most utilised by cyber criminals. A user receives an email or text message that claims to be from a legitimate source and requests an action that eventually compromises the user.

Pretexting: This is when an individual creates a fake scenario just to get access to your sensitive information, data or even device. E.g. a stranger asking you for access to your social media account because he/she is trying to recover his or her lost account.

Baiting: This is another common type of social engineering that people fall for, because it offers things that are enticing and sometimes irresistible to a victim who is unaware of these schemes.

Spear Phishing: This is a type of phishing attack that is tailored towards a particular target for maximum impact. A lot of effort is put into making it look like it’s coming from a legitimate source.

Vishing: As opposed to phishing emails, the victim is contacted via a phone call, seemingly from a legitimate source. The aim is to convince the user to reveal sensitive information or carry out an action that ends up compromising the victim.

How to protect yourself from social engineering

      1. Awareness and Education: The fact that this is first on the list isn’t a coincidence. It is crucial for individuals and organisations to learn, and to educate others, how to recognise social engineering indicators and the best practices for handling suspicious requests.
      2. Enable Multi-Factor Authentication: Two-factor authentication, or 2FA as it’s usually abbreviated, is one of the best methods to improve your security posture, because you are required to authenticate yourself using multiple personal sources before access is granted. These include an authenticator app, SMS or email.
      3. Activate Email Filters: Victims of social engineering are contacted via email most of the time. These types of emails are usually flagged by mail service providers, hence the need to activate email filters to reduce contact with such emails.
      4. Incident Response and Reporting: This is very important for organisations. There should be an established protocol for reporting suspicious activities, which helps mitigate the potential damage.
      5. Robust Policies and Procedures: A strong security policy should be put in place, which includes strict access control, good password hygiene and regular cyber security training.
      6. Cybersecurity technologies: Humans are prone to error, so putting good cybersecurity technologies in place can serve as a fail-safe. These include firewalls, intrusion detection and prevention systems and endpoint protection solutions.
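As an added example (not part of the original article), the sketch below shows the kind of checks an email filter can run for the indicators described above: fear and urgency wording, greed lures, impersonation of a trusted sender, and links whose visible address differs from their real target. The phrase lists, the `triage` function, the `BRANDS` mapping and the `.test` sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed phrase lists; a production filter uses far richer signals.
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?|suspended|lose your funds)\b", re.I)
LURE = re.compile(r"\b(you have won|free gift|claim your prize)\b", re.I)
# Simplified anchor matcher for the sample; use a real HTML parser on live mail.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")

def same_site(host, expected):
    host, expected = (re.sub(r"^www\.", "", h) for h in (host, expected))
    return host == expected or host.endswith("." + expected)

def triage(raw, brands):
    """Return sorted indicator names. brands maps a display name to its real domain."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    flags = set()
    if URGENCY.search(body):
        flags.add("fear_urgency")
    if LURE.search(body):
        flags.add("greed_lure")
    if reply and not same_site(reply, sender):
        flags.add("reply_to_mismatch")
    for brand, real in brands.items():  # impersonation of a trusted sender
        if brand.lower() in name.lower() and not same_site(sender, real):
            flags.add("impersonation")
    for href, text in ANCHOR.findall(body):  # shown address differs from target
        shown = DOMAIN.search(text.lower())
        host = (urlparse(href).hostname or "").lower()
        if shown and not same_site(host, shown.group()):
            flags.add("link_mismatch")
    return sorted(flags)

# Constructed sample message (not real mail); .test domains are reserved.
PHISH = '''From: "Example Bank Security" <alerts@examplebank-verify.test>
Reply-To: helpdesk@mailbox.test
Content-Type: text/html

<p>Your account will be suspended. Act within 24 hours or lose your funds.</p>
<a href="http://login.examplebank-verify.test/auth">https://examplebank.test/login</a>
'''
BRANDS = {"Example Bank": "examplebank.test"}  # hypothetical allowlist
```

Calling `triage(PHISH, BRANDS)` reports four indicators for the sample message, while a message sent from the bank's own domain with matching links reports none.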

Conclusions

Individuals and organizations can considerably reduce the risks posed by social engineering attacks by establishing a culture of security awareness and implementing effective security measures.

A&D Forensics offers cybersecurity services to start-ups and established organisations to help secure their digital environment in an increasingly threatened digital space, check them out here.
