Cyber criminals no longer necessarily hack your accounts or infect your systems to steal your information. These days, they often trick you into making a mistake. This kind of attack is called social engineering, and your common sense is your most powerful defence against it. With this article you will be better equiped for recognising a social engineering attack.
Let’s say you receive a call from your computer support company. They tell you your computer is at risk or has a problem and they can help you solve it. They then proceed to baffle you with technical terms and talk you through how to find some files. You confirm the files are there and they confirm the problem is real.
Their next step is to convince you to buy some software remotely or give them remote access so they can fix your problem. The moment you agree to giving them control is the moment they steal your data.
You receive an email from your boss or co-worker. The email asks you to urgently send them some information. You know it is information they could possibly need. So when they ask you to bypass normal security procedures and send it to their personal Gmail account, you just do it. The problem is, the person you’re emailing isn’t your boss or co-worker.
So how do you stop such attacks?
You can’t. However, you can use common sense to identify whether it is likely to be one. Recognising a Social Engineering Attack before it is too late can save you a lot of pain and money. Here’s 4 ways to identify a likely social engineering attack.
1. Does it sound too good to be true?
If you receive an email that says you’ve won a car, and you haven’t entered a competition to win a car, then you’re more likely to be the target of a social engineering attack than a new car winner.
2. What’s the rush?
If someone wants something urgently from you or is pushing you to take urgent action, they are attempting to fool you into making a mistake. Don’t fall for it.
3. Why would my friend or work colleague say that?
If you receive an email from someone and it doesn’t sound like them, it probably isn’t. It’s more likely to be someone impersonating them and attempting to trick you.
4. Why would they be asking me for that?
If you receive a request for your password or other information, such as account numbers, or information the person sending the email should already have access to, it probably isn’t a legitimate request.
Ensure all of your staff are trained and prepared and there are appropriate processes and procedures in place. A social engineering attack could be aimed at anyone in your organisation, from the CEO down. Communicate with your staff and let them know, if they suspect something is wrong to stop communication immediately and to report it to the management team.
Also have a look at WHALE PHISHING AND HOW TO PROTECT YOURSELF FROM IT and CYBER SECURITY – 10 WAYS YOU CAN EDUCATE YOUR EMPLOYEES.
Get a IT Partner you can count on.
Multi IT & Telephony Solutions has been handling IT for more than 30 years now. Recognising a Social Engineering Attack is only the first step, with our highly qualified technical team we will be able to assess your security shortfalls as well as implement effective security strategies to keep you and your organisation safe. Contact us today for your free IT audit.