The Risks of Phishing/Smishing and Social Engineering

For week 4, we took a deep dive into cyber security crimes and explored the risks that come with using the internet. The internet has significantly improved our world by making it easier to access information, stay connected with friends and family, and work with organizations without needing to visit brick-and-mortar locations. While these advancements offer numerous benefits, they also introduce new risks. Cybercriminals can exploit our online presence to gain access to sensitive information such as passwords, personal documents, and financial data. One way they do this is through attacks that use tactics like phishing, smishing, and social engineering. These methods rely on human error and our natural tendency to trust rather than on flaws in software, which makes them especially effective and dangerous. My family and I have been victims of both phishing and social engineering attacks. While the incidents were not severe, we have experienced firsthand how these types of cyberattacks target everyday users.


Phishing attacks (by email) and smishing attacks (by SMS text message) target users directly through messages, links, or social media posts that appear to come from legitimate sources such as government agencies, banks, social media sites, and trusted companies. Often a user clicks a link and is directed to a web page that looks familiar or legitimate. They are then prompted to sign in or to enter credit card details to approve what appears to be an expected purchase. When the user submits the form, the fake site stores the information and forwards it to the attacker, who then uses it to commit unauthorized transactions, breach accounts, infiltrate networks, and sometimes spread malware to other users on the system. I was personally targeted by a phishing website when I was in my teens. I had searched for Facebook (now Meta) on Google and clicked on the first result that appeared. The link led me to what looked like a legitimate Facebook login page. In hindsight, there were warning signs I missed, most notably the fact that I wasn't automatically signed in despite having cookies enabled. Still unaware, I entered my login information into the fake site. After submitting it, I received a message stating that Facebook's servers were "down" and that I would be unable to log in at the moment. I didn't realize anything was wrong until friends and family began reaching out to let me know that someone was sending messages from my account to spread the phishing scam.

In hindsight, there were clear steps that would have prevented that phishing attack. As the Federal Trade Commission (FTC) advises, you should protect your computer with security software, keep that software and your devices updated, use multi-factor authentication on your accounts, and protect your data by backing it up. Since temporarily losing access to my Facebook account, I've become much more cautious online. I now always check URLs carefully. Rather than clicking on links provided in emails, I open a separate browser window and navigate directly to the official website. I've also enabled multi-factor authentication on all my most important accounts. For any account that contains sensitive information, I change the login credentials yearly and use unique, strong passwords. While I still reuse passwords for low-priority accounts with minimal risk, I no longer click on the first link that appears in a Google search without verifying its authenticity.
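"Check the URL carefully" is easier said than done, because phishing pages are designed to pass a quick glance. The following is an added example, not code from this post or from any of the services it mentions: a small Python checker that applies the habit described above to a login URL. It pulls out the registrable domain, compares it against a constructed allowlist (facebook.com is the only real domain named in the post; example-bank.com is a placeholder), and flags the common tricks: a trusted brand name used as a subdomain of an attacker's domain, digit-for-letter look-alikes such as faceb00k, punycode or non-ASCII hosts, plain http, and the user@host trick. The sample URLs at the bottom are constructed for the demonstration.

```python
"""Inspect a login URL before typing credentials into it.

Added example for this post (not the author's code). TRUSTED_DOMAINS,
CONFUSABLES and SAMPLE_URLS are constructed for the demonstration;
only facebook.com is a real domain mentioned in the post.
"""
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: registrable domains the user actually signs in to.
TRUSTED_DOMAINS = {"facebook.com", "example-bank.com"}

# Character substitutions commonly used to build look-alike hostnames.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname.

    Toy public-suffix handling: a real checker should use the Public
    Suffix List so that hosts like 'example.co.uk' are split correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def fold_confusables(name: str) -> str:
    """Undo look-alike substitutions so 'faceb00k.com' folds to 'facebook.com'."""
    folded = unicodedata.normalize("NFKC", name)
    for lookalike, real in CONFUSABLES.items():
        folded = folded.replace(lookalike, real)
    return folded


def check_url(url: str) -> dict:
    """Decide whether a login URL really belongs to a trusted domain.

    Returns the parsed host, its registrable domain, a 'trusted' verdict
    and a list of human-readable findings explaining any red flags.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    findings = []

    if parts.scheme != "https":
        findings.append("not https")
    if parts.username or parts.password:
        # https://facebook.com@evil.example/ really goes to evil.example
        findings.append("credentials embedded in URL (user@host trick)")
    if any(ord(ch) > 127 for ch in host) or any(
        label.startswith("xn--") for label in host.split(".")
    ):
        findings.append("non-ASCII or punycode host (possible homograph)")

    if domain not in TRUSTED_DOMAINS:
        folded = fold_confusables(domain)
        if folded in TRUSTED_DOMAINS:
            findings.append(f"look-alike of {folded}")
        # A trusted brand name anywhere left of the registrable domain
        # (facebook.com.account-verify.example) is the classic subdomain trick.
        for brand in (d.split(".")[0] for d in TRUSTED_DOMAINS):
            if brand in host:
                findings.append(f"brand name '{brand}' appears in untrusted host")

    return {
        "host": host,
        "domain": domain,
        "trusted": domain in TRUSTED_DOMAINS and not findings,
        "findings": findings,
    }


# Constructed sample URLs: one legitimate, three phishing-style.
SAMPLE_URLS = [
    "https://www.facebook.com/login",
    "https://faceb00k.com/login",
    "http://facebook.com.account-verify.example/login",
    "https://facebook.com@evil.example/",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        result = check_url(sample)
        verdict = "OK " if result["trusted"] else "BAD"
        print(f"{verdict} {sample}")
        for finding in result["findings"]:
            print(f"      - {finding}")
```

The checker is deliberately strict: anything that is not on the allowlist and over https with a clean ASCII host is reported, so the decision the post recommends (open a fresh window and type the known address) stays the default whenever the verdict is not "trusted".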

Social engineering attacks rely on a person's trust to get them to break standard security practices. Unlike attacks that exploit software flaws, these attacks work by impersonating an authority figure and using either fear-based tactics or a false sense of familiarity. Attackers may pretend to be bank representatives, IT personnel, law enforcement, or company representatives trying to gain access to your systems. A successful attack lets the perpetrator obtain the victim's credentials or even initiate transactions for the attacker's benefit. My family nearly fell victim to a social engineering scam. My father regularly sells items through Facebook Marketplace, and on one occasion, a potential buyer reached out with an unusual request. The buyer claimed to have a "business account" and said he was unable to send less than $600 due to account restrictions. The item my father was selling was listed for $400, so the buyer insisted on sending $600 and asked my father to return the $200 difference. A notification appeared in my father's bank account showing a pending deposit of $600. Unsure about how to proceed, he asked for my opinion since I've worked with small businesses and have some experience with business accounts. I told him I had never heard of any rule requiring a minimum transfer amount like that, and advised him to wait until the transaction was fully processed and cleared by the bank before sending any money. After my father relayed this to the buyer, the tone quickly changed. The buyer became aggressive, threatening to leave a negative review and claiming they would contact the bank if the $200 wasn't returned immediately. Sensing something was off, I encouraged my father to contact his bank directly to verify the transaction. The bank confirmed that the payment was never actually processed and had already been flagged as a fraudulent attempt. The pending transaction was fictitious, and the buyer's goal had clearly been to manipulate my father into sending them $200 of his own money.

After that incident, the best advice is to trust your gut. If something feels off, verify through a channel you control rather than one the other party hands you. In my father's case, calling the bank directly (using the number on his card or the bank's official website, never a number supplied by the buyer) was one of the most effective ways to determine whether the transaction was legitimate; a "pending" notification is not settled money, and only the bank can confirm whether funds have actually cleared. As stated in Ways to Avoid Social Engineering Attacks by Kaspersky, "Social engineering often depends on a sense of urgency. Attackers hope their targets will not think too hard about what's going on. So just taking a moment to think can deter these attacks or show them for what they are — fakes." In this situation, there were two moments of urgency: first, my father's eagerness to receive the $400 he was expecting, and second, the attacker's attempt to manipulate him through fear by threatening to leave a negative review and contact the bank. Ways to avoid social engineering attacks are to be aware of them, verify directly with the source, be skeptical, avoid clicking unknown links, and always use multi-factor authentication.
