
Topic: Social engineering a risk to security (Read 225 times)

hero member
Activity: 3038
Merit: 634
January 26, 2024, 01:15:38 AM
#14
If you fell for a phishing link, the hackers are patiently waiting for their victims to fall for it. And with that, it's important to check the characters of the website that we visit and where we log in.

First, about the links/URLs: check first that they're correct, because that's how people fall for these phishing websites, when you just search for them through Google and are too lazy to type the website address directly.

Lastly, about where we log in, if you're using public WiFi: it has been said many times, don't do it, and never connect to any of them if your device is important to your crypto activities and it has your important apps, like those related to finance, too.

These things are also related to security; they're simple if we think about it, but many fail to protect themselves by simply being informed.
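The advice in the post above, to check a link's characters before logging in, can be automated. The following is an added example, not part of the original post: it assumes a personal allowlist (`TRUSTED`) and a hypothetical helper named `check_url`, and flags lookalike spellings, non-ASCII or punycode hosts, and trusted names placed before an `@` or used as someone else's subdomain.

```python
from urllib.parse import urlsplit

# Sites the user actually logs in to (assumption: a personal allowlist;
# both domains are ones linked elsewhere in this thread).
TRUSTED = ("getaegis.app", "haveibeenpwned.com")

# Constructed sample links (not real phishing sites).
SAMPLES = (
    "https://getaegis.app/",
    "https://getaegls.app/",                # "l" typed in place of "i"
    "https://g\u0435taegis.app/",           # Cyrillic "е" in place of Latin "e"
    "https://getaegis.app@login.example/",  # real host is login.example
    "https://getaegis.app.account-check.example/",
)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED):
    """Return (verdict, reason); verdict is trusted, lookalike, unknown or invalid."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "invalid", "URL could not be parsed"
    if not host:
        return "invalid", "no host name in URL"
    # Text before "@" is login data, not the site: the real host comes after it.
    if parts.username is not None:
        return "lookalike", f"userinfo before '@' hides the real host {host}"
    # Show punycode (xn--) labels as the characters a browser may display.
    try:
        shown = host.encode("ascii").decode("idna")
    except UnicodeError:
        shown = host
    if not shown.isascii():
        return "lookalike", f"non-ASCII characters in host {shown!r}"
    for name in trusted:
        if shown == name or shown.endswith("." + name):
            return "trusted", f"matches {name}"
    for name in trusted:
        # Trusted name used as leading labels of someone else's domain.
        if shown.startswith(name + ".") or f".{name}." in shown:
            return "lookalike", f"{name} appears only as a subdomain label"
        # Compare the same number of trailing labels against the trusted name.
        tail = ".".join(shown.split(".")[-name.count(".") - 1:])
        if edit_distance(tail, name) <= 2:
            return "lookalike", f"{tail} is within 2 edits of {name}"
    return "unknown", "not on the allowlist"


if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", *check_url(link))
```

An "unknown" verdict only means the host is not on the allowlist; it says nothing about whether the site is safe.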
hero member
Activity: 2464
Merit: 594
January 25, 2024, 06:12:47 PM
#13
During my high school days, around the years 2008-2009, I found a flash drive. Since I didn't have my own computer back then, I only used it in computer shops, and I wasn't too aware of malware at that time.
When it comes to 2FA, almost all the codes are sent to my email and not through SMS. Nevertheless, our email accounts should still be secured and protected. Phishing is one of the most common social engineering techniques. Hackers often send emails or text messages that appear to be from legitimate companies or organizations, trying to trick you into clicking on a malicious link or providing personal information. Be cautious about the links you click on and the information you share online.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
January 17, 2024, 12:30:35 PM
#12
Hey, does Aegis have online backup features? I mean like how Authy does! Backs up your 2FA keys, encrypts them and stores them in the cloud. And also a login/account system? I have been using Authy for years, but when I saw this I was curious. I know, I know, Authy is closed source. But still I'm curious.

There's an optional Android backup feature, or you can just upload the encrypted backup file to a cloud account, BUT for maximized security I highly recommend local backups, since there would be less attack surface that way.

There's no login system too btw. You get less in terms of convenience and ten times more on security so I think it's worth the effort.

SIM swapping uses the weakness of 2FA and two-step verification, since the codes are sent via SMS or call to the specified number. This method starts with the hacker gathering confidential information about the victim, either through phishing or social engineering. The fraudster contacts the victim's mobile telephone provider. The fraudster convinces the telephone company to port the victim's phone number to theirs. This enables them to receive the OTP code that can be used to log in in place of the original owner. It can even be used as a method to gain a login password through the forgot-password setting.

And in some cases, there is no need for social engineering because the network service employer/s are in cahoots with the hackers. This happened with T-Mobile, I believe, so yeahhh, avoid SMS 2FA whenever you can, and service providers with so much history of SIM swaps.

Quote from: op
social engineering

aaaaand since we're talking about social engineering, one of the most successful ones in crypto scams is probably the pig butchering scam, where the perp tries to befriend or be the lover of their victims to eventually make them invest in a fake exchange they secretly own. Maaaan, the amount of stories I've read about this over the years is countless, damn.
sr. member
Activity: 728
Merit: 271
January 17, 2024, 10:54:11 AM
#11

The thing is, I have read quite a few threads on security but never knew it was possible to deceive one's network provider into transferring a phone number to another.
The network providers' operators are humans like us and are prone to the mistake of falling for these scams by these pro scammers. We should take it upon ourselves to make our privacy a priority, securing our data at all costs. There is a growing number of new patterns of scams used by scammers, and it's disturbing that some people are not alert to this, which is why there will always be victims of these scam activities. On the baiting attack: from experience, I have seen people fall victim to crimes they knew nothing about by picking up an ATM card or SIM card they found in a public place, thinking that the real owner might have forgotten it, not knowing that robbers dropped it there after killing their victim, and the police could use it to track you, holding you for a crime you know nothing about. So in certain cases it's better never to play the good guy.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
January 17, 2024, 06:39:19 AM
#10
Popularity to me is one of the banes of privacy. Well, it's the price paid for wealth.


Nice post, OP. But have you heard of a zero-click attack?
Our knowledge regarding online security will turn to dust as soon as such attacks become popular. There is a good, recent article talking about such an attack. I'll leave a link.
Quote
Zero-click attacks are an emerging and concerning cybersecurity threat where attackers exploit vulnerabilities to compromise a device without any user interaction. These sophisticated attacks bypass traditional security measures by not requiring the target to click a link or download a file, making them particularly stealthy and dangerous. As technology evolves, so does the complexity and frequency of these attacks, presenting a significant challenge to cybersecurity professionals and users alike.
https://ensarseker1.medium.com/the-art-of-deception-understanding-zero-click-attacks-8bb33bbe4239

The only good news is that such attacks are now spreading among public figures. As you correctly noted, popularity is a curse.
sr. member
Activity: 490
Merit: 397
Playbet.io - Crypto Casino and Sportsbook
January 17, 2024, 02:29:36 AM
#9


When you activate 2FA for your accounts, don't use SMS codes because your government can get access to those SMS messages. Use open source 2FA software like Aegis.
https://getaegis.app/

Best 2FA applications to use. Open source, free, secure. Better than Google's
Okay, this is the first time I'm hearing of this. Would the message be of any use to the government, since it's just a one-time-use PIN?
A shame social media is one of the ways to access the privacy of many individuals.
People post about their whereabouts, families and work on social networks while including their personal information: phone number, real name; and the worst to me are those that still choose to flaunt their wealth without any security measures.

The $5 wrench attack is possible most times as a result of this information on the Net.
Why use an open source hardware wallet when you are going to flaunt your wealth and share personal information online without any security measures?
sr. member
Activity: 700
Merit: 470
Hope Jeremiah 17vs7
January 16, 2024, 10:58:54 PM
#8
Now what brought about my research on social engineering was a method called SIM jacking.

SIM Swapping
To be honest, I never knew it was possible to get a person's 2FA code without having access to the SIM. I have always been paranoid about leaving my mobile number online, and this affirmed my decision. KYC is dangerous in the hands of reputable platforms, but more so in individuals' hands. Some Binance P2P merchants usually ask for their customers' numbers, and this number can make one vulnerable to a SIM swapping attack.
Hackers are some of the smartest internet users and hence know how to get connections at different network providers. SIM jacking or SIM hijacking is a very popular way hackers defraud people; it has existed for a long time now and has been discussed in diverse ways here in the forum. One thing I know about this scam is that they now don't need to get in contact with you before they do their thing; they only need to know your phone number and, boom, they can even clone it to a genuine SIM card that can make phone calls too, and that's where it gets more scary.

I have come to know that nowhere is really safe, but we can try as much as we can to get the maximum safety we can, like using the above suggested pattern to get your 2FA messages.
Most SIM swapping is common among those who have good influence, well-known people (celebrities). There is also an event that took place around Feb 10, 2021, a SIM swapping case in which a group of fraudsters stole $100 million in cryptocurrencies: SIM Swappers Stole $100 Million from ‘Well-Known Influencers’ Before Getting Arrested, Authorities Say

And there's also another related story on how a woman lost her life savings to SIM swapping. This is the link to the short story: NBC 6 South Florida, https://www.nbcmiami.com › woma..., Woman Loses Life Savings in SIM Swap Scam

Many people are used to being protected by the government, not knowing they can only really rely on themselves.

Meanwhile, the SIM port scam can affect anyone who is not cautious about it, and these hackers will definitely go for those they know are rich, or any other, depending on their goal. We saw how the SEC's X (Twitter) was hacked, and it must be really shameful for them to fall for such a scam, but I guess we can see a lot of individuals, including top figures, fail to be cautious about this scam.

I know you may think, "I don't have enough money, I'm not an influencer or any top figure in society, they won't be interested in me," and so may not be cautious about the sensitivity of the data you share online or try to use any such protective measures. I'd be frank: they are still interested in you, at least for your money, because imagine $100 from 100 persons, that's ($10k); cumulatively they will still be making it. After all, when they can't get the big fish they will go for smaller ones.
sr. member
Activity: 602
Merit: 263
January 16, 2024, 04:37:30 PM
#7
Now what brought about my research on social engineering was a method called SIM jacking.

SIM Swapping
To be honest, I never knew it was possible to get a person's 2FA code without having access to the SIM. I have always been paranoid about leaving my mobile number online, and this affirmed my decision. KYC is dangerous in the hands of reputable platforms, but more so in individuals' hands. Some Binance P2P merchants usually ask for their customers' numbers, and this number can make one vulnerable to a SIM swapping attack.
Hackers are some of the smartest internet users and hence know how to get connections at different network providers. SIM jacking or SIM hijacking is a very popular way hackers defraud people; it has existed for a long time now and has been discussed in diverse ways here in the forum. One thing I know about this scam is that they now don't need to get in contact with you before they do their thing; they only need to know your phone number and, boom, they can even clone it to a genuine SIM card that can make phone calls too, and that's where it gets more scary.

I have come to know that nowhere is really safe, but we can try as much as we can to get the maximum safety we can, like using the above suggested pattern to get your 2FA messages.
Most SIM swapping is common among those who have good influence, well-known people (celebrities). There is also an event that took place around Feb 10, 2021, a SIM swapping case in which a group of fraudsters stole $100 million in cryptocurrencies: SIM Swappers Stole $100 Million from ‘Well-Known Influencers’ Before Getting Arrested, Authorities Say

And there's also another related story on how a woman lost her life savings to SIM swapping. This is the link to the short story: NBC 6 South Florida, https://www.nbcmiami.com › woma..., Woman Loses Life Savings in SIM Swap Scam

Many people are used to being protected by the government, not knowing they can only really rely on themselves.
member
Activity: 238
Merit: 59
January 16, 2024, 04:03:47 PM
#6
 
Social engineering poses a lot of risk to online security. These engineers hack people's accounts and forcefully get businessmen's and individuals' information that needs knowledge of technology, but rather dupe vulnerabilities for their ignorance in security defence, using their different tricks in order for them to give out information that they should not have.

Social engineering is the trick of wrong changing, pretending or deceiving a victim so that they can have full control of the person. These are about 50%-90% of attacks, and no entity, individual or company can fight or even eradicate it financially. It involves all methods of breaking security, e.g. financial loss, phishing, loss of sensitive information, etc.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
January 16, 2024, 01:53:16 PM
#5
When you activate 2FA for your accounts, don't use SMS codes because your government can get access to those SMS messages. Use open source 2FA software like Aegis.
https://getaegis.app/

Hey, does Aegis have online backup features? I mean like how Authy does! Backs up your 2FA keys, encrypts them and stores them in the cloud. And also a login/account system? I have been using Authy for years, but when I saw this I was curious. I know, I know, Authy is closed source. But still I'm curious.
member
Activity: 66
Merit: 5
Eloncoin.org - Mars, here we come!
January 16, 2024, 08:30:24 AM
#4
Now what brought about my research on social engineering was a method called SIM jacking.

SIM Swapping
To be honest, I never knew it was possible to get a person's 2FA code without having access to the SIM. I have always been paranoid about leaving my mobile number online, and this affirmed my decision. KYC is dangerous in the hands of reputable platforms, but more so in individuals' hands. Some Binance P2P merchants usually ask for their customers' numbers, and this number can make one vulnerable to a SIM swapping attack.
Hackers are some of the smartest internet users and hence know how to get connections at different network providers. SIM jacking or SIM hijacking is a very popular way hackers defraud people; it has existed for a long time now and has been discussed in diverse ways here in the forum. One thing I know about this scam is that they now don't need to get in contact with you before they do their thing; they only need to know your phone number and, boom, they can even clone it to a genuine SIM card that can make phone calls too, and that's where it gets more scary.

I have come to know that nowhere is really safe, but we can try as much as we can to get the maximum safety we can, like using the above suggested pattern to get your 2FA messages.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
January 16, 2024, 06:16:51 AM
#3
SIM Swapping
To be honest, I never knew it was possible to get a person's 2FA code without having access to the SIM. I have always been paranoid about leaving my mobile number online, and this affirmed my decision. KYC is dangerous in the hands of reputable platforms, but more so in individuals' hands. Some Binance P2P merchants usually ask for their customers' numbers, and this number can make one vulnerable to a SIM swapping attack.
There is an old topic about this security risk.

[BEWARE] Sim Port Attack
What is a Sim Port attack?
How to prevent SIM swapping?

When you activate 2FA for your accounts, don't use SMS codes because your government can get access to those SMS messages. Use open source 2FA software like Aegis.
https://getaegis.app/

Best 2FA applications to use. Open source, free, secure. Better than Google's
sr. member
Activity: 602
Merit: 263
January 16, 2024, 06:00:58 AM
#2
Quote
Baiting: This one is something I never expected. The hacker purposely drops a malware-infected USB, floppy disk or CD-ROM in strategic places where it is common for people to forget things, like a public toilet or bus, and relies on the victim's curiosity and greed to take action. The drives are usually tagged with something that would arouse the victim's curiosity or greed to plug them into their system to find out what's inside. This gives them access to the computer to perform any fraudulent act or collect the victim's personal data.
First, as the name 'baiting' implies, you already know that it is something set to lure victims. This is really efficient because it exploits human nature: natural greed or curiosity. Like you just said, but they don't only leave their malware-infected USB, floppy disk or CD-ROM in strategic places (where it's common for people). They also use tempting offers to lure victims. They send targets enticing offers via ads, social media, email, or free downloadable content. They offer their victims access to free music, movies, games, and software. These offers are usually difficult to resist.
Quote
SIM Jacking
To be honest, I never knew it was possible to get a person's 2FA code without having access to the SIM. I have always been paranoid about leaving my mobile number online, and this affirmed my decision. KYC is dangerous in the hands of reputable platforms, but more so in individuals' hands. Some Binance P2P merchants usually ask for their customers' numbers, and this number can make one vulnerable to a SIM swapping attack.
That's one of the main reasons I don't vibe with KYC; giving out my information always gets me feeling uncomfortable. That's why I'm recently using few CEX accounts, due to the fact that sharing your information in a lot of places ain't safe.

We also have tailgating (another type of social engineering). Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal your sensitive information. You can learn more about it here: Tailgating Attacks and How to Protect Yourself From Them

Quote
You might think, why should I protect my privacy or keep my internet presence secure when I barely have any funds to lose? Don't forget that collecting your data can make it easy to impersonate you for a crime you know nothing of.
That is one of the uses of pretexting impersonation, which might not only endanger your assets but can also affect your reputation or even end up putting you in situations you don't know anything about.
sr. member
Activity: 490
Merit: 397
Playbet.io - Crypto Casino and Sportsbook
January 16, 2024, 04:18:39 AM
#1
Social engineering in security is the act of manipulating individuals into divulging their confidential information. This method has been used by many hackers to gain access and also use individuals' information for fraudulent acts.

Techniques

  • Water holing

  • Pretexting

  • Baiting: This one is something I never expected. The hacker purposely drops a malware-infected USB, floppy disk or CD-ROM in strategic places where it is common for people to forget things, like a public toilet or bus, and relies on the victim's curiosity and greed to take action. The drives are usually tagged with something that would arouse the victim's curiosity or greed to plug them into their system to find out what's inside. This gives them access to the computer to perform any fraudulent act or collect the victim's personal data.


Now what brought about my research on social engineering was a method called SIM jacking.

SIM Swapping
To be honest, I never knew it was possible to get a person's 2FA code without having access to the SIM. I have always been paranoid about leaving my mobile number online, and this affirmed my decision. KYC is dangerous in the hands of reputable platforms, but more so in individuals' hands. Some Binance P2P merchants usually ask for their customers' numbers, and this number can make one vulnerable to a SIM swapping attack.

Known Victim
This was used against the former Twitter CEO Jack Dorsey, which was quite embarrassing for one so renowned. Proof that being popular or rich doesn't protect your data. You have to be active about it and not passive.

SIM swapping uses the weakness of 2FA and two-step verification, since the codes are sent via SMS or call to the specified number. This method starts with the hacker gathering confidential information about the victim, either through phishing or social engineering. The fraudster contacts the victim's mobile telephone provider. The fraudster convinces the telephone company to port the victim's phone number to theirs. This enables them to receive the OTP code that can be used to log in in place of the original owner. It can even be used as a method to gain a login password through the forgot-password setting.

This https://haveibeenpwned.com/ can be used to check your Internet presence using email, phone number and linked online services.
VPNs, especially paid ones, can help reduce your Internet presence. Tor is also an important privacy method.

You might think, why should I protect my privacy or keep my internet presence secure when I barely have any funds to lose? Don't forget that collecting your data can make it easy to impersonate you for a crime you know nothing of. Medical reports ain't excluded too.
As it is said:
Prevention is better than sacrifice
Protect your data
Improve security continuously.

"At the end of the day, the goals are simple: safety and security"-Jodi Rell.

The thing is, I have read quite a few threads on security but never knew it was possible to deceive one's network provider into transferring a phone number to another. There are a lot of threads that have been created in the forum to assist with privacy.
You can tell by my text I'm kinda lazy, so you can check it out via the search button (search privacy).
I am sure others will drop their opinions as well as links to said threads.


Thanks in Advance.