Are Your Users Easy Prey for a Social Engineering Attack?
What is a social engineering hack?
Social engineering is when a criminal manipulates a victim into handing over login credentials or other information that can be used to stage a cyberattack or steal data.
This can be done via text message, email, chat, or even a phone call. A criminal may also ask for remote access to your computer under the pretext of providing tech support, only to install malware and commandeer your system.
What makes social engineering effective?
Targeting is a key factor in scams. Criminals are skilled at identifying easy targets, which can range from overworked desk clerks eager to impress when someone posing as a supervisor contacts them to senior members of the workforce who may not be familiar with cybersecurity best practices.
Phishing campaigns are a typical kind of social engineering. If a criminal is able to get access to another person’s email account, they can contact that person’s business or personal connections and ask for sensitive information.
How to spot social engineering
- Links. Watch out for messages that contain a link, as these can often land you on a malicious website or result in you downloading malware.
- Urgency. From emails that need immediate responses to emergency requests for login data, criminals know that urgency can cause people to set aside common sense in favor of a quick response.
- Notifications of purchases you didn’t make. Sometimes campaigns involve emails that inform you of a purchase you never made or tell you that something you didn’t buy has shipped.
- Donation requests. Criminals may try to exploit your generosity by posing as a charity.
- Atypical communication. If you receive a message from a company or trustworthy person that contains unusual typos or is otherwise contrary to what you have come to expect, it is likely a scam.
- Too good to be true. Whether it’s a lucrative job offer or a contest you don’t recall entering, messages that seem too good to be true typically are.
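As an added illustration (this script is not part of the original article), the following Python code applies several of the indicators above to a raw email: a Reply-To domain that differs from the From domain, a link whose visible text names one site while its href points to another, links outside the sender's domain, manufactured urgency, and a request for credentials. Both sample messages and every domain in them are constructed for the example; the phrase lists are assumptions a team would tune for its own environment.

```python
"""Heuristic triage of an email for the social-engineering indicators listed above.
Added example with constructed sample messages; not part of the original article."""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrase lists; a real deployment would tune these to its own mail traffic.
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours", "will be suspended", "act now")
CREDENTIAL_PHRASES = ("password", "login credentials", "verify your account", "confirm your identity")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def sender_domain(header_value):
    """Lower-cased domain of an address header such as From or Reply-To, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def same_org(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return bool(domain) and (host == domain or host.endswith("." + domain))


def body_text(msg: Message):
    """Decoded text of the first text/* part (or of a single-part body)."""
    part = msg
    if msg.is_multipart():
        part = next((p for p in msg.walk() if p.get_content_type().startswith("text/")), msg)
    payload = part.get_payload(decode=True)
    return payload.decode(part.get_content_charset() or "utf-8", "replace") if payload else ""


def triage(raw):
    """Score a raw RFC 5322 message; each matched indicator adds one reason."""
    msg = message_from_string(raw)
    reasons = []

    from_dom = sender_domain(msg.get("From"))
    reply_dom = sender_domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    text = body_text(msg)
    lowered = (msg.get("Subject", "") + "\n" + text).lower()

    # Links: visible text that looks like a domain but points elsewhere, or hosts outside the sender's domain.
    parser = LinkCollector()
    parser.feed(text)
    for href, visible in parser.links:
        href_host = host_of(href)
        looks_like_domain = "." in visible and " " not in visible
        shown_host = host_of(visible if "://" in visible else "http://" + visible) if looks_like_domain else ""
        if shown_host and href_host and shown_host != href_host:
            reasons.append(f"link text shows {shown_host!r} but points to {href_host!r}")
        elif href_host and not same_org(href_host, from_dom):
            reasons.append(f"link to {href_host!r} outside the sender's domain {from_dom!r}")
    seen = {href for href, _ in parser.links}
    for url in re.findall(r"https?://[^\s<>\"']+", text):  # bare URLs in plain-text bodies
        if url not in seen and host_of(url) and not same_org(host_of(url), from_dom):
            reasons.append(f"link to {host_of(url)!r} outside the sender's domain {from_dom!r}")

    for phrase in URGENCY_PHRASES:
        if phrase in lowered:
            reasons.append(f"urgency phrase: {phrase!r}")
            break
    for phrase in CREDENTIAL_PHRASES:
        if phrase in lowered:
            reasons.append(f"asks for credentials: {phrase!r}")
            break

    return {"score": len(reasons), "reasons": reasons, "suspicious": len(reasons) >= 2}


# Constructed samples; the domains are placeholders, not real organisations.
PHISH_SAMPLE = """From: "Example Bank Security" <security@examplebank.com>
Reply-To: helpdesk@mail-examplebank-login.example
To: user@example.org
Subject: Urgent: verify your account
Content-Type: text/html; charset=utf-8

<p>Your account will be suspended within 24 hours unless you verify your account.</p>
<p>Sign in at <a href="http://examplebank-login.example/verify">www.examplebank.com</a> and confirm your password.</p>
"""

LEGIT_SAMPLE = """From: "IT Helpdesk" <helpdesk@example.org>
To: user@example.org
Subject: Scheduled maintenance on Saturday
Content-Type: text/plain; charset=utf-8

The file server will be offline from 09:00 to 11:00 on Saturday for patching.
Details are on the intranet page https://intranet.example.org/maintenance
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, triage(sample))
```

The constructed phishing sample trips four indicators (mismatched Reply-To, a link whose text names one host while the href points to another, an urgency phrase, and a credential request), while the maintenance notice trips none. A score like this is a triage aid for a mail gateway or a security-awareness exercise, not a verdict: a message with one weak hit still deserves the "think before you respond" check described below.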
How to prevent social engineering
- Training. Employees who receive and respond to high volumes of emails, phone calls, and other correspondence are on the front lines and need to be able to recognize a suspicious inquiry or message.
- Think before you respond. If you receive an urgent request or message, slow down before responding. Reach out to the sender using a different channel to confirm that the message is legitimate.
- Reject and report. Emails that purport to be from companies asking for your login credentials or passwords are scams.
- Filter spam. Spam blockers can do a decent job of stopping suspicious emails before they appear in your inbox. Make sure that you’re using one.
- Secure your system. Preventing an attack from ever succeeding is best, but antivirus software should still be installed on every device on your network.
- Update your hardware. Network equipment with outdated firmware should be replaced if the firmware cannot be updated to keep today’s threats from taking hold.