The use of deception to manipulate people into divulging personal information or performing certain actions.
Unlike hacking, where technology is used to get unauthorised access into networks, social engineering involves threats, social pressure, or other types of deception to make a person do something. It can be used to infringe on people’s privacy, steal their identities, or gain information, like intimate images.
What can I do to protect myself?
- Never give confidential information to anyone, even your friends and family
- Review your account activity regularly to check where you have been logged in and what you have been doing online
- Treat any offers, messages, or emails from unknown parties with scepticism• Use two-factor authentication to secure your online accounts, this is an extra step on top of your password to make it harder for others to access your account
- Use a strong, unique password (at least 12 characters) comprising five different words that relate to a memory unique to you for each of the accounts you create online, such as your email, social media and e-commerce accounts. Do not use commonly used phrases or obvious patterns e.g. “Password1234”, or personal information such as your name, NRIC or birth date, or information that can be obtained easily by doing a search online. In addition, use uppercase and lowercase letters, numbers and symbols to make it even harder to crack. Learn how to create a strong passphrase here: https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/use-strong-passwords
- Enable two-factor authentication (2FA). 2FA uses more than one type of information to identify who you are before granting you access to your online account. The first factor is usually something that you know, such as a password. The second factor is something you have, such as a one-time password (OTP) from a physical OTP token. Another form of authentication involves biometrics which includes fingerprints and face recognition. With 2FA, even if a hacker obtains your password, your account is still protected if he is unable to get hold of a second factor.
- Install anti-virus software for your devices. At the minimum, your anti-virus app for your mobile phone should be able to scan and detect malware. Some anti-virus options can only detect and quarantine malware, but may not remove viruses in your device. When searching for a suitable anti-virus app, look out for one which offers malware removal capabilities.
- Update all software and apps on your devices as soon as new versions are made available. This fixes bugs and patches up security loopholes to fight new viruses and malware.
My social media is compromised. What can I do?
Report the issue directly to the social media site itself. Most sites have Help and Contact Us sections where you can reach out to them, and they usually take care of such issues within 48 hours. You can also use a friend’s account to post publicly on yours, making it clear that the account is not under your control.