We’re halfway through the summer season, and vacations may be scheduled on the calendar.
As a business owner, I know that leaving for a trip can mean leaving my company more vulnerable to social engineering.
Social engineering uses psychological manipulation, tricking a person into sharing valuable or confidential information. A popular hacking method for cybercriminals, social engineering is becoming increasingly sophisticated.
The scam artist then uses the stolen information for malicious purposes. Related attacks include money wiring scams, computer hacking, and infiltrating a network with malware. The most infamous method of social engineering is phishing.
Phishing & Spear Phishing
The most common form of social engineering is phishing, which has been the cause of about 91% of data breaches.
A phishing attack is carried out through malicious emails disguised as coming from legitimate senders or organizations.
These emails typically include links or attachments that serve as the attacker's entry point. They usually also show the following red flags:
- Typos or misspellings
- Grammatical errors
- Urgency to act now or soon
- Generic greetings (“Dear Customer” or “Dear Sir/Madam”)
- Wrongly capitalized words
- Exclamation marks
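As an added example (not part of the original article), here is a small Python heuristic that counts the red flags listed above in an email and flags a message for review when several of them appear together. The urgency phrases, greeting list, misspelling list and sample messages are constructed assumptions, not data from the article.

```python
import re

# Indicator lists are assumptions for this example, drawn from the article's red flags.
URGENCY_PHRASES = ("act now", "immediately", "within 24 hours", "urgent", "right away")
GENERIC_GREETINGS = ("dear customer", "dear sir/madam", "dear user", "dear valued customer")
COMMON_MISSPELLINGS = ("recieve", "verfiy", "acount", "securty", "suspened")

# A capitalized word in the middle of a sentence (preceded by a lowercase word),
# e.g. "your Account has been Suspened". Proper nouns also match; it is a heuristic.
MID_SENTENCE_CAPITAL = re.compile(r"(?<=[a-z] )[A-Z][a-z]+")


def red_flag_counts(subject: str, body: str) -> dict:
    """Count each of the article's red flags in one email; keys are flag names."""
    text = f"{subject}\n{body}"
    lower = text.lower()
    return {
        "misspellings": sum(lower.count(w) for w in COMMON_MISSPELLINGS),
        "urgency": sum(lower.count(p) for p in URGENCY_PHRASES),
        "generic_greeting": sum(lower.count(g) for g in GENERIC_GREETINGS),
        "wrong_capitalization": len(MID_SENTENCE_CAPITAL.findall(text)),
        "exclamation_marks": text.count("!"),
    }


def is_suspicious(subject: str, body: str, threshold: int = 2) -> bool:
    """Flag the message for review when at least `threshold` distinct red flags are present."""
    counts = red_flag_counts(subject, body)
    return sum(1 for c in counts.values() if c > 0) >= threshold


# Constructed sample messages (not real emails).
PHISHING_SAMPLE = (
    "URGENT: Verfiy your Account now!!",
    "Dear customer,\n\nYour acount will be Suspened unless you act now. "
    "Click the link below immediately to verfiy your details!",
)
LEGIT_SAMPLE = (
    "Q3 vendor invoice attached",
    "Hi Maria,\n\nAttached is the invoice for the Q3 consulting work. "
    "Let me know if you have any questions.\n\nThanks,\nDaniel",
)

if __name__ == "__main__":
    for name, (subj, body) in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, red_flag_counts(subj, body), "suspicious:", is_suspicious(subj, body))
```

The legitimate sample still trips the capitalization heuristic once on the name "Maria", which is why the verdict requires several distinct flags rather than any single one.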
Spear phishing, in particular, targets specific members of an organization, commonly the CEO or CFO, who usually have access to passwords, account numbers, credit card numbers, and more. Sophisticated attacks such as these require prevention at all costs.
A single solution does not exist for preventing social engineering attacks, but taking precautions helps lessen the likelihood of an attack.
Companies can take the following measures to best protect themselves:
- Slow down and be skeptical; do more research or ask around before following any urgent requests or downloading attachments.
- Do not overshare information with random callers or inquirers asking whether the CEO or owner is in town. A simple response of, “The CEO is not available,” would suffice and maintains professionalism.
- Train and educate employees on how to spot fraudulent emails and their common red flags.
- Back up data regularly and devise a backup and disaster recovery (BDR) plan.
- Lock and monitor computers and devices with PINs, passwords, or fingerprint recognition. A remote monitoring and management (RMM) solution is necessary for your IT provider to regularly scan and check a company’s infrastructure.
- Implement a checks and balances system so that wiring money requires two-factor authentication, multiple approvals, and/or phone verification.
- Call the US Secret Service or report to your local FBI office if you suspect you are the target of a scam. Additionally, notify the company’s financial institution immediately so that it can lock down the affected accounts.
Cybercriminals like to find weak links and attack companies when they know of the owner’s absence. Make sure that preventative measures are set and employees are prepared and alert while managers or owners are away.