The booklet, prepared by the cyber security company ESET and published free of charge on its website, aims to support awareness efforts regarding phishing attacks.
While technology plays an important role in digital security, the human element remains a critical factor. According to the Verizon 2023 Data Breach Investigations Report, 74 percent of breaches involve the human element, which includes social engineering attacks, errors, and abuse. This data underscores the importance of educating employees about various attack types and protection methods.
ESET Turkey Product and Marketing Manager Can Erginkurban said that ESET Turkey aims to contribute to awareness activities and create a social benefit with the handbook, which it prepared in view of the increasing number of phishing attacks. He provided information about the social engineering techniques used by cybercriminals and shared the following tips for strengthening the digital security infrastructure.
“Vishing: Telephone social engineering. Short for “voice phishing,” vishing involves scammers using phone calls or voicemails to trick individuals into revealing sensitive information or making fraudulent payments. These attacks range in complexity from human impersonators to automated robocalls. Some scammers even engage in call spoofing, using legitimate phone numbers to further their scams. The latest version of vishing includes deepfake searches that can mimic a specific person's voice using AI tools to make it even more believable.
Smishing: SMS social engineering. Smishing, or “SMS phishing,” refers to sending fraudulent messages via text or messaging apps to manipulate victims into taking certain actions. Messages often contain links that direct recipients to malicious websites, landing pages, or applications. When these channels are accessed, personal information, including payment card information, can be obtained or the victim's device can be infected with malware.
Phishing: Social engineering via email. Those working in companies have heard about phishing, but knowing the concept does not reduce its danger. In contrast, phishing emails allow attackers to impersonate individuals by posing as trusted entities; it continues to be among the most prolific cybercrime techniques, in which they attempt to trick people into revealing sensitive information such as passwords, credit card information, or personal identification information. They often use deceptive tactics such as fake emails containing links to websites impersonating legitimate organizations or individuals.”
Can Erginkurban shared five methods to protect against types of social engineering:
“Pause, think and then act: Scammers rely on haste to manipulate victims. Take your time to consider requests and avoid rushing. Avoid clicking on links in text messages and visit the organization's official website to verify the legitimacy of the communication.
Be suspicious of unknown numbers: Verify calls or text messages from unfamiliar or suspicious numbers. Avoid revealing any personal information or clicking on unknown links in messages. This helps you minimize your chances of falling victim to these types of scams.
Keep your personal information private: Never disclose sensitive information such as account numbers, identification numbers, passwords, or Multi-Factor Authentication (MFA) codes to unknown persons over the phone or in a message. Legitimate organizations do not request such information through unsolicited calls or messages.
Verify identity: If you receive a message from someone claiming to represent a company or government agency, avoid direct interaction. Instead, independently verify its authenticity by contacting the organization using the official contact information found on their website.
Enable strong security measures: Use strong and unique passwords to protect your accounts. Consider using password generators and managers to create long and complex passwords and store them securely. Use Multi-Factor Authentication (MFA) whenever possible to add an extra layer of protection.”