Ethical Hacking Study Journal: Social Engineering

I didn’t know I would encounter a topic that is THIS interesting in this course.

Social engineering, in security, is the act of psychologically manipulating people into doing things that we want them to do. A simple day-to-day example would be asking a friend for answers to an assignment. You try to talk them into it by saying “C’mon, we’re best buds”, “You know I’d do the same for you”, or “It’s just this one time”. Once that friend gives you the answers and you get what you want, you have succeeded in social engineering.

Now, in cyber security, it is of course not as simple as that. A common tactic is a text or email telling the receiver to open a link and enter their personal data. The message usually tells them that “Oh, someone hacked into your account! Enter your credentials and we’ll fix it for you” or “Congratulations! You just won money! Fill in your data and bring home the prize”. This reminded me of the very many text messages I have received from unknown numbers for years. I never really bother opening my messages anymore unless they come from someone in my contacts or the message actually says “Hey, I’m blabla” and that blabla is actually someone I know. After the session, I decided to go through my inbox and see what I could salvage.

An example of a text message I got. It says I won a promo from WhatsApp Indonesia and it’s telling me to click the link.

It sounded very tacky to me… I mean, never in a million years would I see myself winning something from WhatsApp. Especially when I have no memory of entering a competition or lottery. The domain of the website was also .tk, which is weird. I mean, if it were really the official WhatsApp or even WhatsApp Indonesia, I would expect their domain to be .com or .co.id. So I checked the website with Sucuri Check to see if it’s all good.

Apparently there was no malware on that website. However, I still wasn’t falling for it, so I decided not to open it. As I went through the junk my providers sent me (that’s what you get for using two SIM cards. ugh.), I managed to find another one. This one also claims to be from WhatsApp but says that I won 75 million rupiah. Captivating? To me, no. But many others might fall for it easily.

Just like with the previous message, I checked the site through Sucuri Check. I was surprised to see the result.

It’s BURNING RED! The site had malware in it!

So what I can see is that both messages claim to be from a service that many people use, assuming that the person on the receiving end uses it. The second one was more tempting than the first because it mentions money, and a large amount of it. However, the second did prove to be more harmful because malware was detected by Sucuri Check.
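The two signals described above (a message naming a well-known service while linking to a domain that service does not own, and prize or account-scare wording) can be checked on the message text alone, whether or not a site scan reports malware. The Python below is an added example, not part of the original post; the allowlist, the lure word list and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist: brand name -> domains that brand actually owns.
OFFICIAL_DOMAINS = {"whatsapp": {"whatsapp.com"}}
# Assumed lure words, taken from the kinds of bait quoted in the post.
LURE_WORDS = ("won", "prize", "promo", "congratulations", "hacked", "credentials")
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def hostnames(text):
    """Return the lower-cased hostname of every link-like token in the text."""
    hosts = []
    for match in URL_RE.findall(text):
        url = match if "://" in match else "http://" + match
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def is_official(host, brand):
    """True only for the brand's domain or a subdomain of it (label-boundary match)."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS[brand])

def triage(text):
    """Return a list of findings for one message; an empty list means nothing flagged."""
    lower = text.lower()
    findings = []
    hosts = hostnames(text)
    for brand in OFFICIAL_DOMAINS:
        if brand in lower:
            for host in hosts:
                if not is_official(host, brand):
                    findings.append(f"claims {brand} but links to {host}")
    if hosts and any(re.search(rf"\b{w}\b", lower) for w in LURE_WORDS):
        findings.append("lure wording with a link")
    return findings

# Constructed sample messages (not the texts from the post); .example is a reserved TLD.
SAMPLES = [
    "Congratulations! You won the WhatsApp promo. Claim at http://whatsapp.com.prize.example/claim",
    "WhatsApp: your code is 123-456. Learn more at https://faq.whatsapp.com/",
    "Hey, I'm Rina, lunch at 12?",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg) or "nothing flagged", "<-", msg)
```

The first sample shows why the match is done on the end of the hostname: a host that merely begins with `whatsapp.com` still belongs to whoever owns the last labels.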

Don’t let them fool you folks!! Be skeptical, be wary, be safe❤️
