What is social engineering?

Social engineering uses psychological manipulation to trick a person into sharing valuable or confidential information. A popular hacking method among cybercriminals, social engineering is becoming increasingly sophisticated.

Social engineering scam artists put the information they steal to malicious use, including wire-transfer scams, computer hacking, and infiltrating a network with malware.

Phishing & Spear Phishing

The most common form of social engineering is phishing, which has been the cause of about 91% of data breaches. Phishing is performed through malicious emails disguised as coming from legitimate senders or organizations; these emails typically include links or attachments that give attackers a way into the recipient's system.

Phishing emails may also include the following:

• Typographical errors or misspelling

• Grammatical errors

• Urgency to act now or soon

• Generic greetings (“Dear Customer” or “Dear Sir/Madam”)

• Erroneously capitalized words

• Exclamation marks
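The red flags above are textual, so they can be checked mechanically before a message reaches a person. The scorer below is an added example, not code from the original article: it scans a subject and body for urgency phrases, a generic greeting, a few common misspellings, runs of erroneously capitalized words, and excess exclamation marks, and reports which indicators fired. The phrase lists, thresholds and the two sample messages are constructed for illustration and are not a vetted detection ruleset; a real mail filter would tune them against observed traffic and combine them with header and link analysis, which this example does not attempt.

```python
"""Heuristic scorer for the phishing red flags listed above.

Added example, not code from the original article. The phrase lists,
thresholds and sample messages are constructed for illustration; a
production mail filter would tune them against real traffic and combine
them with header and link analysis, which this example does not do.
"""
import re

# Assumed indicator lists (constructed, not a vetted ruleset).
URGENCY_PHRASES = (
    "act now", "immediately", "within 24 hours", "urgent",
    "account will be suspended", "verify your account", "final notice",
)
GENERIC_GREETINGS = (
    "dear customer", "dear sir/madam", "dear user", "dear account holder",
)
# A few misspellings that recur in bulk phishing mail (constructed list).
COMMON_MISSPELLINGS = frozenset(
    {"recieve", "acount", "verfy", "securty", "informations", "adress"}
)

WORD_RE = re.compile(r"[A-Za-z][A-Za-z'/]*")
SENTENCE_SPLIT_RE = re.compile(r"(?<=[.!?])\s+|\n+")


def title_case_runs(text: str, min_run: int = 3) -> list[str]:
    """Return capitalised words from sentences that contain at least
    `min_run` capitalised words after the first word, e.g. the
    'Your Account Will Be Suspended' style seen in phishing subjects.
    Sentence-initial words and all-caps acronyms are ignored, so an
    ordinary 'Hi Dana' does not trip the threshold on its own."""
    flagged: list[str] = []
    for sentence in SENTENCE_SPLIT_RE.split(text):
        words = WORD_RE.findall(sentence)
        caps = [w for w in words[1:] if w[0].isupper() and not w.isupper()]
        if len(caps) >= min_run:
            flagged.extend(caps)
    return flagged


def scan_email(subject: str, body: str) -> dict:
    """Score one message against the red-flag list. Each indicator that
    fires adds one point; two or more points marks the mail suspicious."""
    text = f"{subject}\n{body}"
    lower = text.lower()
    hits: dict[str, object] = {}

    urgency = [p for p in URGENCY_PHRASES if p in lower]
    if urgency:
        hits["urgency"] = urgency

    # Generic greeting: look only at the first non-empty line of the body.
    first_line = next((ln.strip().lower() for ln in body.splitlines() if ln.strip()), "")
    greeting = [g for g in GENERIC_GREETINGS if first_line.startswith(g)]
    if greeting:
        hits["generic_greeting"] = greeting

    misspelt = sorted({w for w in WORD_RE.findall(lower) if w in COMMON_MISSPELLINGS})
    if misspelt:
        hits["misspellings"] = misspelt

    caps = title_case_runs(text)
    if caps:
        hits["odd_capitalisation"] = caps

    bangs = text.count("!")
    if bangs >= 2:
        hits["exclamation_marks"] = bangs

    score = len(hits)
    return {
        "score": score,
        "indicators": hits,
        "verdict": "suspicious" if score >= 2 else "benign",
    }


# Constructed sample messages for a stand-alone run.
PHISH_SUBJECT = "URGENT: Your Account Will Be Suspended!!"
PHISH_BODY = (
    "Dear Customer,\n\n"
    "We have detected unusual activity. Please verfy your acount "
    "immediately by clicking the link below!\n"
    "http://example.invalid/login\n"
)
BENIGN_SUBJECT = "Notes from Tuesday's meeting"
BENIGN_BODY = (
    "Hi Dana,\n\n"
    "Attached are the notes from Tuesday. Let me know if I missed anything.\n\n"
    "Thanks,\nSam\n"
)

if __name__ == "__main__":
    for subj, body in ((PHISH_SUBJECT, PHISH_BODY), (BENIGN_SUBJECT, BENIGN_BODY)):
        result = scan_email(subj, body)
        print(f"{subj!r}: {result['verdict']} (score {result['score']})")
        for name, detail in result["indicators"].items():
            print(f"  - {name}: {detail}")
```

On the constructed phishing sample every indicator fires (score 5); the benign note scores 0. The capitalization check deliberately requires a run of three title-case words in one sentence, because a single capitalized name in a greeting is normal English and would otherwise produce false positives on almost every legitimate message.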

Spear phishing is like phishing, except that it targets specific members of an organization, such as a CEO or financial manager, who may possess passwords, account numbers, credit card numbers, and more. Because these attacks are inherently more sophisticated, it is imperative to prevent them at all costs.

Preventing Attacks

A single solution does not exist for preventing social engineering attacks, but several actions and precautions help reduce the likelihood of a successful attack. Companies can take the following measures to best protect themselves:

• Slow down and be skeptical; do more research or ask around before following any urgent requests or downloading attachments.

• Do not overshare information with unknown callers or inquirers, for example someone asking whether the CEO is in town. A simple response of “The CEO is not available” is sufficient and maintains professionalism.

• Train and educate employees on how to spot fraudulent emails and their common red flags.

• Back up data regularly and devise a backup and disaster recovery (BDR) plan.

• Lock and monitor computers and devices with PINs, passwords, or fingerprint recognition. Your IT provider may also use a remote monitoring and management (RMM) solution to regularly scan and check the company’s infrastructure.

• Implement a checks-and-balances system so that wiring money requires two-factor authentication, multiple approvals, and/or phone verification.

• Call the US Secret Service or report to your local FBI field office if a scam is suspected. Additionally, notify the company’s financial institution immediately so that it can lock down the affected accounts.
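The checks-and-balances item above is a separation-of-duties control, and it only works if the system enforces it rather than relying on a clerk to remember it under pressure. The following is an added example, not code from the original article, that models the rule as policy checks on a wire-transfer request: the requester can never approve their own transfer, transfers at or above an assumed threshold need two distinct approvers, and release also requires a recorded out-of-band phone verification of the beneficiary. The threshold, role names and the scenario are assumptions made for illustration.

```python
"""Dual-control enforcement for outgoing wire transfers.

Added example, not code from the original article. The threshold, the
role names and the scenario below are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy limit, in the account's currency: at or above this amount
# two distinct approvers are required instead of one.
DUAL_APPROVAL_THRESHOLD = 10_000


class PolicyViolation(Exception):
    """Raised when an action would bypass a required control."""


@dataclass
class WireRequest:
    request_id: str
    requester: str            # person who entered the request
    beneficiary_account: str  # destination account as entered
    amount: int
    approvals: set[str] = field(default_factory=set)
    phone_verified_by: Optional[str] = None
    released: bool = False

    def required_approvals(self) -> int:
        return 2 if self.amount >= DUAL_APPROVAL_THRESHOLD else 1

    def approve(self, approver: str) -> None:
        """Record an approval; the requester may never approve their own request."""
        if approver == self.requester:
            raise PolicyViolation(f"{approver} cannot approve their own request")
        self.approvals.add(approver)  # a set, so the same approver counts once

    def record_phone_verification(self, verifier: str) -> None:
        """Record that the beneficiary was confirmed by calling back a number
        held on file, never a number supplied in the requesting email."""
        if verifier == self.requester:
            raise PolicyViolation("phone verification must be done by someone other than the requester")
        self.phone_verified_by = verifier

    def missing_controls(self) -> list[str]:
        """List every control that still blocks release (empty means clear)."""
        missing = []
        need = self.required_approvals()
        if len(self.approvals) < need:
            missing.append(f"approvals: {len(self.approvals)} of {need}")
        if self.phone_verified_by is None:
            missing.append("phone verification")
        return missing

    def release(self) -> bool:
        """Release the wire only when no control is outstanding."""
        missing = self.missing_controls()
        if missing:
            raise PolicyViolation(f"{self.request_id} blocked: {', '.join(missing)}")
        self.released = True
        return True


def walkthrough() -> list[list[str]]:
    """Constructed scenario: a clerk enters a large transfer after an email that
    appears to come from the CEO. Returns the outstanding controls at each step."""
    req = WireRequest("W-EXAMPLE-1", requester="clerk", beneficiary_account="ACCT-TEST", amount=25_000)
    steps = [req.missing_controls()]          # nothing approved yet
    try:
        req.approve("clerk")                  # self-approval is refused
    except PolicyViolation:
        pass
    steps.append(req.missing_controls())
    req.approve("controller")
    req.approve("controller")                 # duplicate approval does not count twice
    steps.append(req.missing_controls())
    req.approve("cfo")
    steps.append(req.missing_controls())      # approvals complete, phone check still missing
    req.record_phone_verification("controller")
    steps.append(req.missing_controls())      # clear
    req.release()
    return steps


if __name__ == "__main__":
    for i, outstanding in enumerate(walkthrough()):
        print(f"step {i}: outstanding -> {outstanding or 'none'}")
```

The point of the design is that a single compromised or deceived person cannot move money alone: the requester is excluded from both approval and verification, approvals are counted per distinct person, and the release function is the only path that sets the transfer to released, so there is no way to skip a check by calling a different method.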

Become familiar with social engineering tricks and safeguard against them by staying prepared and alert.

An attack can occur within seconds; don’t let a simple click be the downfall of an organization.