Social Engineering: The biggest cybersecurity threat to your business
The art of manipulation is a huge threat to both individuals and businesses; according to a recent study, 25% of social engineering attackers target businesses.
The biggest danger to your business could be your well-meaning staff.
Whilst investing in quality security features is a core way of shielding your organisation from malicious activity, the weakest link in the chain is often a trusting member of your team who has been fooled into revealing sensitive information.
Today, we’re discussing some common methods of social engineering and how to reduce your chances of becoming a victim.
Common forms of social engineering.
Hackers use social manipulation to trick people into willingly handing over passwords, bank details and other critical information. After all, it’s usually easier for criminals to deceive a person than it is to get past security software.
Watch out for:
Often, cybercriminals will ask you to click a hyperlink in an email or on a social media platform. It's usually presented as something you must check out and will frequently appear to have been sent by a friend or colleague.
In a similar way, hackers can secretly install ransomware and other malicious software onto your device by asking you to download an image, movie, document or music file.
More often than not, social engineering messages have a sense of urgency. It could be that your ‘friend’ is stuck abroad somewhere and needs funds to get home, or perhaps your bank or PayPal account requires immediate attention.
Requests for details.
Following on from this, many social engineers carefully craft messages so that they look like they’ve been sent by important service providers and agencies, such as HMRC, your bank or building society or an online retailer. They may ask you to “verify” your information, such as your name, address and passcodes.
A scenario or story.
Many social engineering scams involve some type of story or scenario. As we mentioned before, it could be a friend in a dire situation or that you are the winner of a competition. In this case, you could be asked to prove your identity by providing confidential credentials.
A response from a support service.
Another clever way that these fraudsters hook their prey is by creating a fake response email. For example, “Re: Urgent Problem” or “Re: Your request”. They can then pose as a helpdesk agent from a support centre in order to capture your private details.
We’ve put together some tips on how to spot a scam email here.
How to avoid social engineering tactics.
Whilst there are many ways that hackers can attempt to gain our info, there are also plenty of things we can do to avoid being stung.
Below are some “Dos and Don’ts”:
Before you hit that URL or hyperlink, check to see if it is legitimate. You can do this by hovering over the link to make sure the link hasn’t been masked.
For example, it appears as “www.yourbank.com” but actually leads to “www.scam123456.co.uk”.
Do your research.
If you still think it is from your bank or a genuine source, try manually searching for the website in your browser. This way, you are in control of where that link redirects you to.
Unless you know that the sender is 100% reliable, never save attachments or download a file onto your machine. Always double-check with the supposed sender by either sending an email or giving them a call.
Do slow down.
Scammers thrive when people act fast. This is why they repeatedly use phrases like “Act Now”, “Take Action Today” and “Urgent”. Don’t jump into things, take your time to do research, and check the sender is authentic before handing over information.
Don’t give out information.
One way to avoid being caught out is never to share information over email, social media networks and other messaging platforms. Go into your bank, give the organisation a call or contact their helpline from their official website.
Do invest in the right technology.
After all, mistakes happen and even the most clued-up individuals can fall victim to social engineering. Add extra layers of protection by purchasing a quality antivirus and implementing a disaster recovery plan.
If you feel like you need more information on the dangers of social engineering and online scams, please contact us today.