Recognizing and Preventing Social Engineering Attacks
Cybercrime is not a new concept. We’ve all heard about the email scams and ransomware attacks that happen every day and end up costing both individuals and businesses a ton of money. Most of us have become accustomed to seeing these types of stories in the news on a regular basis.
Unfortunately, there is also another type of attacker that lurks in the shadows – the social engineers. These attackers use different tactics to bypass technical security measures and solutions. Social engineering exploits the one weakness that every organization has: human psychology. Using phone calls and other media, social engineers try to trick people into providing information about their company and employees to use in cyber-attacks. Here is a bit more info on social engineering techniques and some steps your organization can take to avoid them.
Social Engineering Techniques
Phishing – This is one of the most popular social engineering attack types. Phishing scams are generally email or text message campaigns designed to create a sense of urgency, curiosity, or fear. These campaigns result in victims revealing sensitive information, clicking on a link to malicious websites, or opening attachments that contain malware.
Baiting – Baiting is very similar to phishing. However, what differentiates baiting is the promise of an item or good – such as free music or movie downloads – to trick users into providing their login credentials.
Pretexting – Attackers rely on a pretext, or fabricated scenario, to try to steal the victim’s personal or company information. Many times the scam is initiated by an attacker pretending to need sensitive information from a victim or an organization to perform a critical task. The attacker may impersonate a co-worker, customer, vendor, the police, or the bank to build a false sense of trust and get the information needed.
Tips to Help Avoid Social Engineering Attacks
Social engineers manipulate human feelings, such as curiosity and fear. It is important to stay vigilant and make sure everyone in your organization is aware of the threats out there and how to avoid them. Here are a few tips to help you:
- Don’t open emails or attachments from untrusted sources. If a message comes from a co-worker, customer or family member you know but seems suspicious, contact the sender in person or by phone to verify that they sent the message before you open it.
- Just like email, it’s important to know who you are speaking with on the phone before providing personal information. When receiving cold calls from people asking for company information or contact information for co-workers, do not provide the information. Instead, ask the caller for their information and purpose of the call and offer to pass it along to the appropriate person within your organization.
- If an offer seems too good to be true, it probably is. Do not give strangers the benefit of the doubt. Try Googling an offer before acting on it to get more information or to see if it’s a known scam.
- Use anti-virus software and multifactor authentication. Because many attackers seek user credentials, using multifactor authentication helps ensure your account’s protection in the event of system compromise.
EDCi works closely with businesses to make sure their systems are safe and secure. If your organization needs help setting up or securing your environment, please contact us right away. We would like to see you prevent an attack instead of recovering from one!