CyberSecurity

Social Engineering – BEWARE!


Social engineering describes “a manipulation technique that exploits human error to gain private information, access, or valuables.” In short, the attacker aims to get into your network, using viruses and other infiltrations, in order to gain private data to sell on the dark web.

Objectives

Social engineering holds a two-part goal:

  1. Sabotage
  2. Theft

Think of the general inconvenience and struggles that accompany being the victim of theft: informing your company, alerting your bank and issuing new cards or accounts, changing all charge accounts associated with your stolen information, etc. Now add that every passing moment gives the thief more time with your private data. One breach results in considerable damage!

Social engineering happens in a relatively simple way. The first thing to note is the approach, which is a more subtle, self-motivating method than the traditional use of brute force. In social engineering, attackers lure victims into willingly providing their information. They do this by learning enough about you or your organization to strike up a conversation. Once a relationship is established (either online or in person), the attacker finds the weakness and invades your system. When the breach is complete, the relationship dissolves.

Luring Methods

Social engineering offers a variety of different methods for attackers to strike.

  • Phishing – using fake emails and/or websites to trick users into revealing sensitive and confidential data
  • Spear Phishing – targeting a specific person for phishing by using their personal information
  • Vishing – fooling users into divulging sensitive information over the phone by pretending to be someone else
  • Smishing – fraudulent SMS designed to trick users into sharing sensitive information
  • Impersonation – pretexting as another person to obtain information or access to a person, company, or system

These methods may seem easy to spot, but you’d be fooled! In 2020, COVID-19 inspired attackers to create phishing content posing as the Centers for Disease Control and/or the World Health Organization. These successful attacks increased cybercrime by 600% according to PurpleSec.

Proactive Protection

Simple actions arm your devices and applications with the highest amount of cybersecurity possible, such as:

  • not clicking direct links in emails, texts, and social media messages. You’re safer going directly to the source yourself.
  • getting in the habit of asking where the link leads. Don’t open email attachments immediately, and verify with the sender that the link sent was intentional.
  • s l o w   d o w n. Most attackers create a sense of urgency. Before acting, reflect on whether what is being asked is necessary and legitimate.
  • think before you post. Oversharing voluntarily gives hackers private or sensitive information. When posting, only share what is asked of you and don’t divulge extra details.
  • maintain password hygiene. Varying your passwords and regularly changing them provides additional protection to your accounts. Don’t worry about needing to remember them all. A password manager, such as 1Password, stores all of this information for you easily.

For more information on how to protect yourself, your employees, and your business from cyber threats, contact us today.