How many times have you come across news articles talking about hackers stealing money from people and making them go bankrupt? You think that staying away from spammy emails will prevent you from such frauds. But remember, hackers, are smarter than you might think. They always look for a loophole to get your account details or blackmail you into paying the money they want.

But what will you do if you see an email from your friend but as soon as you open it and click on the link inside, your computer goes blank? You can't access anything and a message comes on your screen saying you need to pay $50,000 to unlock your computer.

Understanding social engineering

Social engineering is a way to manipulate people into giving up their confidential information. Hackers try to trick you into providing your credit card information or online banking password so that they can empty your bank account in next to no time. Alternatively, they may manipulate you into downloading and installing some software on your computer that can fetch all your banking information.

Over the past few years, social engineering attacks have become more prevalent. One reason is that hackers find ways to exploit your trust. After all, if your friend sends you an email, it's your natural instinct to open it and follow the instructions he mentioned in the email. Once you follow the instructions, you open the door to allow hackers to use their cracking tools to get the information they need to steal money from your account. Additionally, it's now easier than ever to learn how to hack because of the immense popularity of online cracking communities like Breaking In, where users can find scripts and leaked software.

How do hackers use social engineering?

Since many online users are now more cautious about clicking on sketchy links, hackers are on the lookout for new ways to execute their fraudulent activities. Recently, Google services have become their favorite avenue to exploit, knowing that millions of people use them on a daily basis.

For one, Google Drive now has a collaboration feature that allows people to create push notifications or emails to invite others to work with them. Suppose you are working in your office and you want to invite a few employees to work with you. You use this feature to send an invitation. This feature also notifies its users whenever someone tags them or mentions them in a document. 

Scammers are exploiting this feature by sending push notifications to their targets and asking them to collaborate by working on some documents. That means you need to download the document and open it. But these documents contain links to malicious websites. In fact, you may not be able to open the document after downloading it. Instead, you will get in-app notifications on your Android device or even receive emails originating from Google to make the entire process look legitimate. 

The emails or notifications would contain shortened links that would redirect you to those malicious websites. Many Google users also received notifications in broken English or Russian linking the email to a Google Slides document sent from a Gmail account having a Russian name. When cyber experts cracked the case open, they found that it was a copy from another document. Cybercriminals regularly edited that malicious document, thus revealing that they replicated the scam multiple times by luring people to open it using the collaboration feature.  

What's the solution? Don't click on unsolicited links or open documents sent from unknown sources. If you aren't expecting any mail or notification from the sender, avoid opening the email in the first place.