What is social engineering, anyway?
In social engineering, a person uses manipulation to coerce another into divulging sensitive information. Social engineers can trick people into giving them sensitive information, letting them in, or even sending them money by playing on their emotions. Even though security methods and algorithms have gotten better, social engineers are now focusing on people to get around these protections.
“Why break into a system when you can fool someone into letting you in?” is the new motto of today’s hackers.
How can I spot social engineering?
Social engineers like to impersonate authority figures such as bosses, government agents, or lawyers. Since manipulation is their number one concern, they may play on your emotions and try to win your sympathy with sob stories or by pretending to be in distress. As humans, we tend to make decisions in those moments that can lead to misery.
What are social engineers trying to do?
Social engineers are usually looking for information, privileged access, or money. They can get all these things by tricking other people with phony messages. And yes, it works. It has been estimated that 79% of social engineering attacks are successful.
What are some tricks social engineers use?
The common principles used by social engineers are numerous. For example, reciprocity: if they give you something, you’re more likely to give them something. Or sympathy: people won’t question the story of someone who looks like they’re in trouble.
What can you do to prevent social engineering?
1. Secure your computing devices.
Install anti-virus software, firewalls, and email filters, and keep them up to date. Set your operating system to update automatically, and update it manually whenever you receive a notification. Use an anti-phishing tool as well to put your risk in the back seat.
2. Slow down the conversation
Double-check everything they say and don’t let yourself be hurried into a decision. A lot of social engineers’ stories can’t hold up to close inspection. Attackers want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics, be skeptical; never let their urgency influence your careful review.
3. Be cautious of your social media presence
It is always easier for attackers to craft convincing phishing messages if there is a lot of information available about you on social media. If possible, use encryption for sending important data. If a colleague’s friend on Facebook shares a link with them, then unless indicated otherwise, they are very likely to click the link.
4. Email Security is no joke
Hackers are no slouches: they’ve discovered how to make an email look like it’s coming from a reputable person or recognizable business. Intelligent hackers use well-crafted emails camouflaged to appear as if they’re from people you know, colleagues, your bank, or even the government.
Always check the sender (if it’s important, call the sender to be sure that it’s really the person who sent the mail). Don’t be surprised to receive such emails from people who were themselves attacked. Never click on suspicious links or open attachments from unknown senders.
Read about Email Impersonation here
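The warning signs from tips 2 and 4 (urgency wording, and a sender address that does not match the name it displays) can be partly checked automatically. The Python sketch below is an added example, not part of the original article; the allow-list, phrase list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list: display names you expect, mapped to their real domain.
KNOWN_SENDERS = {"example bank": "bank.example", "it helpdesk": "corp.example"}
URGENCY = ("urgent", "immediately", "within 24 hours", "act now",
           "account will be suspended")

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return the reasons to slow down and verify the sender by another channel."""
    msg = message_from_string(raw_message)
    reasons = []
    name = parseaddr(msg.get("From", ""))[0]
    from_domain = domain_of(msg.get("From"))
    expected = KNOWN_SENDERS.get(name.strip().lower())
    # A familiar display name on an unfamiliar domain is the classic impersonation sign.
    if expected and from_domain != expected and not from_domain.endswith("." + expected):
        reasons.append(f"display name '{name}' does not match domain {from_domain}")
    # Replies silently redirected to another domain.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To goes to a different domain ({reply_domain})")
    # Pressure to act first and think later.
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""
    hits = [p for p in URGENCY if p in (msg.get("Subject", "") + " " + body).lower()]
    if hits:
        reasons.append("urgency wording: " + ", ".join(hits))
    return reasons

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: Example Bank <security@examp1e-bank.test>
Reply-To: claims@mailbox.test
Subject: Urgent: verify your account

Your account will be suspended unless you act now.
"""
BENIGN = """\
From: IT Helpdesk <helpdesk@corp.example>
Subject: Maintenance window on Saturday

The VPN will be unavailable from 02:00 to 03:00.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(raw))
```

A flagged message is a prompt to call the sender, not proof of an attack; a clean result does not make a message safe.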
5. Educate your organization on social engineering
Ensure all your employees know what social engineering is. It is a term they have all probably heard somewhere, but they might not all be aware of what the expression encompasses. Do they know what it means? Do they know what to do if they notice miscreant activity? Doing a regular check-in with your teams will keep their awareness up and their potential for making small mistakes down.
Things to consider before taking social engineering casually
1. Human Error Is the Source of Most Security Breaches
Over 95% of all security incidents investigated were a result of “human error.” Poor quality assurance practices lead to a loss of nearly $200 billion for corporations annually.
2. Late Updates Lead to Long-Term Vulnerabilities
Over 40% of respondents admit that they have delayed necessary updates for six months or more to complete other projects. 64% of corporate security breaches occur through known security vulnerabilities that were not updated.
3. Workers Would Rather Be “Polite” Than Safe
1 in 4 employees share corporate passwords over text or email. 52% would share their computers with colleagues.
4. Employees Demonstrate Risky Behaviors
51% admitted to clicking on links they didn’t recognize in emails and personal messages. 57% have downloaded browser extensions on their work devices.
It is a collective responsibility to stay vigilant against social engineering attacks!
Read this latest article on Forbes about Social Engineering