You don't need to be a cybersecurity expert to take care of your own cybersecurity. All it takes is some awareness and actionable steps to secure your digital life. Like when it comes to social engineering, which is a malicious attempt to trick someone into giving away sensitive information (like financial information or a password).
You may have gotten an unexpected email in the past asking you to confirm your credit card number. The email may have even come from a known source, like a familiar online retailer. But something seemed off – especially the tone, which was uncharacteristically urgent. There might have even been some spelling mistakes that you brushed off. Sound familiar? What you received was a very common social engineering tactic called a phishing email.
Let’s dive into what social engineering looks like, important safety tips, and how a password manager can be your best defense against this threat.
What is social engineering?
Social engineering can reach its target through several routes. The main goal, though, is to trick you into revealing sensitive information through psychological manipulation.
- Phishing: Phishing is the most common social engineering attack. A traditional phishing email looks like it came from a legitimate sender and uses urgent language to get you to click a malicious link. The website that shows up will then ask you to disclose some private information or silently install malware on your device.
- Smishing: Smishing is a variant of phishing that arrives via SMS text message or pops up in a social media message.
- Vishing: Hackers might also launch vishing attacks using automated phone calls (robocalls), often scaring their intended victims into sharing information on the spot because of fear of running into problems with the government's tax office or losing access to a financial account.
Social engineering safety tips
Now that you understand how social engineering can make its way to your inbox, messages, and voicemail, let’s look at some useful tips that, over time, can become second nature when navigating your online accounts.
- Be suspicious of unsolicited messages. At first look, the message might look legitimate but if you haven’t initiated communication and there is a sense of urgency, this could be phishing (or vishing or smishing).
- Never use the contact information in a suspicious message. Contact the presumed sender using information you’ve looked up independently if you want to ensure it was them who sent the message. And never click on any links contained in the message – again, verify them independently.
- Don’t assume your favorite apps are safe. Since hackers are aware that people are more vigilant about phishing emails, they’re increasingly trying to reach you via the apps and sites you trust, like music stores or social media.
- Think twice before sharing personal information online. Cybercriminals can extract personal information from your public social media posts to gain your trust in a future phishing attack. Even if information specific to you is being relayed, don’t assume it’s from a friendly source.
How a password manager protects you
Awareness and safety tips can only take you so far. The best defense against social engineering is a password manager, like LastPass. A password manager does the heavy lifting when it comes to keeping you ahead of social engineering threats by:
- Generating complex passwords. Password managers generate and store strong passwords for each account, reducing the need to use simple, guessable (and crackable with automated software) passwords. Harder to crack means harder to phish.
- Preventing password reuse. Unique passwords help prevent unauthorized access to your accounts, even if one set of credentials is compromised in a social engineering attack.
- Guarding you from fraudulent sites: A password manager restricts password entry to verified sites by auto filling. If the password manager doesn’t autofill that may be a sign that you’re dealing with a phishing attempt.
With a password manager like LastPass, you can generate unique and secure passwords for all your accounts and store them in one central vault that can be accessed wherever and whenever you need it.
You also have a free, personalized security dashboard to see how your accounts measure up, and can systematically address any weak or reused passwords that are detected. And with Dark Web Monitoring, you can stay ahead of threats with proactive monitoring of your exposure on the dark web in the event your information is exposed in a breach.
Protect yourself from social engineering threats with LastPass. Start your free trial here.
