Social Engineering Attacks: getting smarter.

“Bullying”, “insistence”, and “deception”, are some ofthe words that characterize the digital life of children and adolescents. With theuse of social media, minors are exposed to these worrying behaviors that wemust confront. In recent years, the emergence of new social media platforms andthe subsequent strengthening of existing ones has brought great advantages forbringing people together, leaving aside geographical boundaries.

COVID-19pandemic brought with it an increase in the use of social media, which hasallowed us to reduce the impact of isolation and lack of face-to-face humaninteraction on interpersonal relationships. However, this has also brought withit new threats, such as social engineering attacks that are becoming much moreintelligent and are accompanied by the evolution of technologies.

The Mexican National Survey on Availability and Use of ICT in Households, ENDUTIH, reveals that 21.3 million Internet users are between 6 and 18 years old, so we asked ourselves the following question:

What are the risky behaviors, cyberattacks, and threats to which underage users are exposed?

First, it isimportant to be aware that most attacks make use of a technique called socialengineering, which is based on emotional manipulation. So, what is socialengineering? It is the practice in which actions are carried out that seek toinfluence people’s attitudes and behaviors, based on the study of our thoughts,feelings, and behaviors. In the digital world, social engineering is usuallyfocused on creating and performing deception techniques to obtain anindividual’s personal and confidential information, which allows them toperform a wide range of activities ranging from selling such information tocommitting crimes using the stolen identity.

As mothers,fathers, guardians, teachers, and adults who have minors under their care, wemust be alert to the main threats facing children and adolescents. What arethey? In 2022, the biggest cyber risks are:

1. Sharing Sensitive Content:

In Mexico, morethan 50% of minors have an electronic device with internet access, and 33% ofthem do not receive adequate education about the dangers of its use.

Let’s teach our children how to maintainadequate security filters when sharing content on social networks. Some of therecommendations are:

  • Share only with trusted contacts
  • Keep your profile “private”,accessible only to people you know and trust.
  • Use strong passwords that are 12 to 18characters long. Ideally, use a password manager such as LastPass or Apple’sKeyChain.
  • Do not accept requests from unknownpersons.

2.     Doxing:

Have you ever heard this term before?

Doxing is the act of revealing personal,banking, telephone, work, or intimate information, as well as photos. Itspurpose is to threaten a person or cause intentional damage, usually tocomplete revenge.

This type ofdigital gender violence is one of the main threats considered this year,especially for the female population.

3.    Grooming:

The practice ofgrooming is a social engineering technique in which an adult maintains contactwith minors, seeking to gain their trust through deception, friendlyconversations, and sometimes gifts. The objective is to convince them toperform illegal actions or sexually abuse them.

How it is performed?

The most common vector contacts through streamingrooms where the attacker approaches users offering gifts such as tokens or characters. Eventually, threats to obtain personal information such as bankcards, personal accounts, digital assets, or compromising photographs.

Social Engineering

4.     Catfishing:

Catfishing, or catfish, is another socialengineering technique that is similar to cloaking. This happens when attackerscreate fake profiles on social media platforms to scam or abuse a user.Typically, their profile has fake personal information that is enhanced byphotographs or videos, creating the appearance of a legitimate profile, but infact, its content may come from illegitimate sources or from users who havebeen victims of identity theft.

This practice is usually very popular inonline dating platforms, where they seek to romance their victim, creatingemotional ties strong enough to appeal to enough trust and start with the scam:borrowing money with the excuse of being going through an emergency, asking fordonations for the charity they supposedly work for, even sending maliciousfiles or links that infect the device and access the victim’s personalinformation.

How toprevent it?

First, it isimportant to accept that we need to face these threats and be aware of them. Bybeing informed, we can then take the next steps.

The next stepwould be to know and understand what are the new digital trends and networksthat minors use to socialize and maintain human relationships in thispost-pandemic technological era.

Once we know clearly,we can move on to educating minors. If we understand the risks, we can sharewith them basic cybersecurity strategies that will help take care of theirwell-being and integrity.

Acting humanly and kindly is what makes us strong. So, let’s look forstrategies to learn together with our children, nieces, nephews, students, andall the underage people we live with. By learning about cybersecurity together,we are not only protecting them, but we are strengthening the trust that willallow us to take care of them and protect them closely