By Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky
Yesterday, some social media users reported to have been tagged in malicious videos without their permission and by people they do not know. This is not the first time this has happened. But it appears to be an example of social engineering that cyber attackers use to get victims to respond by clicking on an infected attachment.
Social engineering is a manipulation technique that uses human psychology that cyber attackers use to trick someone or to lure unsuspecting users to expose data, spread malware infection, or give them network or computer access.
Scams based on social engineering are built around how people think and act. Attackers may use emotional manipulation to convince you to take an irrational or risky action that you otherwise wouldn't. Fear, excitement, curiosity, anger, guilt, and sadness are emotions normally used to convince an unaware, clueless person.
On social media, trust is important among users and it is also essential in a social engineering attack. Users are usually tricked by accounts they follow, usually under the names of people they know and trust.
As social engineering is an attack against a human being, not machine, we advise internet users to take basic measures to protect themselves. We recommend the following:
1. It's cliché but the rule of thumb in internet security is always think before clicking.
2. Set a strong password.
3. On social media, take advantage of the security and privacy features of your favorite platform. You can control who can tag you or who can see your posts. Because Facebook regularly makes changes to their settings, it's worth your attention and time to check your own saved settings from time to time to update it for maximum privacy.