Cyber criminals no longer necessarily hack your accounts or infect your systems to steal your information. These days, they often trick you into making a mistake. This kind of attack is called social engineering, and your common sense is your most powerful defense against it.
There are some infamous and famous social engineering attacks that have done considerable damage to businesses in recent years.
Let’s say you receive a call from your computer support company. They tell you your computer is at risk or has a problem and they can help you solve it. They then proceed to baffle you with technical terms and talk you through how to find some files. You confirm the files are there and they confirm the problem is real.
Their next step is to convince you to buy some software remotely or give them remote access so they can fix your problem. The moment you agree to giving them control is the moment they steal your data.
You receive an email from your boss or co-worker. The email asks you to urgently send them some information. You know it is information they could possibly need. So when they ask you to bypass normal security procedures and send it to their personal Gmail account, you just do it. The problem is, the person you’re emailing isn’t your boss or co-worker.
So how do you stop such attacks?
You can’t. However, you can use common sense to identify whether it is likely to be one. Here’s 4 ways to identify a likely social engineering attack.
1. Does it sound too good to be true?
If you receive an email that says you’ve won a car, and you haven’t entered a competition to win a car, then you’re more likely to be the target of a social engineering attack than a new car winner.
2. What’s the rush?
If someone wants something urgently from you or is pushing you to take urgent action, they are attempting to fool you into making a mistake. Don’t fall for it.
3. Why would my friend or work colleague say that?
If you receive an email from someone and it doesn’t sound like them, it probably isn’t. It’s more likely to be someone impersonating them and attempting to trick you.
4. Why would they be asking me for that?
If you receive a request for your password or other information, such as account numbers, or information the person sending the email should already have access to, it probably isn’t a legitimate request.
Ensure all of your staff are trained and prepared and there are appropriate processes and procedures in place. A social engineering attack could be aimed at anyone in your organisation, from the CEO down. Communicate with your staff and let them know if they suspect something is wrong to stop communication immediately and to report it to the management team.
Also have a look at 5 ways to protect yourself from whale phishing and 10 tips for educating employees about cyber security.
If you need any assistance with your IT security strategy or any advice around your technology requirements please call us on 130 478 738 or email us at firstname.lastname@example.org.
Call us today on 1300 478 738 or email email@example.com to discuss your requirements.