A new year may bring new hope and bright visions for businesses.
However, that feeling of optimism and euphoria can quickly turn to despair after a social engineering attack.
Social engineering uses psychological manipulation, tricking a person into sharing valuable or confidential information. A popular hacking method for cybercriminals, social engineering is becoming increasingly sophisticated.
Scam artists use the stolen information for malicious purposes, including wire-transfer scams, computer hacking, and infiltrating a network with malware. Phishing is probably the best-known method of social engineering.
Phishing & Spear Phishing
The most common form of social engineering is phishing, which has been the cause of about 91% of data breaches. Phishing is performed through malicious emails disguised as coming from legitimate senders or organizations. Those emails typically include links or attachments that give attackers a way in.
Phishing emails may also include the following:
• Typos or misspellings
• Grammar errors
• Urgency to act now or soon
• Generic greetings (“Dear Customer” or “Dear Sir/Madam”)
• Wrongly capitalized words
• Exclamation marks
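The red flags above can be turned into a simple screening heuristic. The following is an added example, not code from the original article: it checks a message body for a generic greeting, urgency phrases, common misspellings, exclamation marks, and wrongly capitalized words, and sums assumed weights into a score. The phrase lists, weights, threshold and sample emails are all constructed assumptions for illustration.

```python
import re

# Assumed weights per red flag (not from the article); tune to your own mail stream.
WEIGHTS = {"typo": 2, "generic_greeting": 2, "urgency": 3, "exclamation": 1, "odd_caps": 1}

GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(customer|user|sir/madam|sir|madam|valued (customer|member))\b", re.I | re.M)
URGENCY = re.compile(
    r"\b(act now|immediately|within 24 hours|urgent(ly)?|right away|"
    r"will be (suspended|closed|terminated))\b", re.I)
# Small constructed list of misspellings seen in lures; a real filter would use a dictionary.
COMMON_TYPOS = {"recieve", "acount", "verfiy", "pasword", "securty", "adress"}

def find_flags(body: str) -> dict:
    """Map each red-flag name to the evidence found for it in the e-mail body."""
    flags = {}
    words = re.findall(r"[A-Za-z][A-Za-z']+", body)
    typos = sorted({w.lower() for w in words if w.lower() in COMMON_TYPOS})
    if typos:
        flags["typo"] = typos
    greeting = GENERIC_GREETING.search(body)
    if greeting:
        flags["generic_greeting"] = [greeting.group(0).strip()]
    urgency = sorted({m.group(0).lower() for m in URGENCY.finditer(body)})
    if urgency:
        flags["urgency"] = urgency
    bangs = body.count("!")
    if bangs >= 2:
        flags["exclamation"] = [f"{bangs} exclamation marks"]
    # Capitalized words that are not sentence starts, "I", or acronyms; proper nouns
    # also count, so the threshold of 3 keeps ordinary mail from tripping this check.
    odd = []
    for sentence in re.split(r"(?<=[.!?])\s+|\n+", body):
        for w in re.findall(r"[A-Za-z']+", sentence)[1:]:
            if w[0].isupper() and w[1:].islower():
                odd.append(w)
    if len(odd) >= 3:
        flags["odd_caps"] = odd
    return flags

def score(body: str) -> int:
    """Weighted sum of the red flags present; higher means more phishing-like."""
    return sum(WEIGHTS[name] for name in find_flags(body))

# Constructed sample messages, not real e-mails.
SAMPLE_PHISH = ("Dear Customer,\nYour Acount has been Temporarily Suspended due to Unusual Activity!\n"
                "You must verfiy your information within 24 hours or your access will be terminated!\n"
                "Click the link below immediately.\n")
SAMPLE_LEGIT = ("Hi Dana,\nThanks for sending the Q3 report. I left two comments in the shared doc; "
                "no rush, next week is fine.\nBest,\nSam\n")
```

Running `score(SAMPLE_PHISH)` returns 9 while the ordinary message scores 0; this is a training aid for spotting the listed signs, not a replacement for a mail-filtering product.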
Spear phishing is like phishing, except that it targets specific members of an organization, such as a CEO or financial manager, who may possess passwords, account numbers, credit card numbers, and more. Sophisticated attacks such as these require prevention at all costs.
Social Engineering Prevention
A single solution does not exist for preventing social engineering attacks, but several actions and precautions help lessen the likelihood of an attack. Companies can take the following measures to best protect themselves:
- Slow down and be skeptical; do more research or ask around before following any urgent requests or downloading attachments.
- Do not overshare information with random callers or inquirers asking, for example, whether the CEO is in town. A simple response of “The CEO is not available” suffices and maintains professionalism.
- Train and educate employees on how to spot fraudulent emails and their common red flags.
- Back up data regularly and devise a backup and disaster recovery (BDR) plan.
- Lock and monitor computers and devices with PINs, passwords, or fingerprint recognition. A remote monitoring and management (RMM) solution may also be used by your IT provider to regularly scan and check a company’s infrastructure.
- Implement a checks and balances system so that wiring money requires two-factor authentication, multiple approvals, and/or phone verification.
- Call the local US Secret Service office or report to your local FBI office if a scam is suspected. Additionally, notify the company’s financial institution immediately so that it can lock down the affected accounts.
Don’t let social engineering ruin company new year goals. An attack can occur within seconds. Safeguard against social engineering tricks with alertness and preparation.