What is Social Engineering?
Social Engineering: The process of manipulating people, exploiting their trust in order to obtain confidential information such as passwords; commonly through a variety of media such as phone, email, and social media.
We’re so used to hearing about hackers that use their technical skills to break into computer systems and steal sensitive data. There is also another major type of hacker out there that exploits human psychology to obtain sensitive information. Their tactic is social engineering.
These cyber criminals do their homework researching your company. From learning everything they can from your social media sites, internet searches, and even jumping into dumpsters to check out your documents. They’ll soak up as much information they can in order to pinpoint the perfect attack using a credible story. Whether it’s by phone, email, or face to face. They will use their studied knowledge to get you to believe and trust them and take an action. That simple action can be anything from plugging in a USB, opening an email or attachment.
Here’s one example of a real social engineering spam email:
“Due to the rise in inclement weather, we’re committed to our employee’s safety and are in the process of upgrading our remote access gateway so that everybody has the opportunity to work from home. Please click the link below to install the new software. You will be asked to enter your credentials before continuing.”
It worked. Within an hour, Blow had more than 60 percent of the employees giving him their logon credentials. “By the time the information security department figured out what was going on (about 90 minutes), I had more than a 75 percent success rate. These users comprised a sampling from every department including marketing, IT, and C-level executives,” he says.
- Source: http://www.csoonline.com/article/2876707/social-engineering/social-engineering-stories-from-the-front-lines.html
Prevent yourself from becoming a victim of social engineering.
Learn the different types of social engineering schemes being practiced today.
Also read our recommendations how to deal with social engineering attacks.
Here’s three common types of social engineering scams to be aware of
USB Flash Drives:
Did you find a lost USB flash drive?
It seems tempting to peek what might be on the USB flash drive, right? That’s exactly what cyber criminals and hackers are hoping you will think.
These cyber thieves want more than anything for you to load it into your computer. Why? The second you load the device, it begins installing malware onto your laptop or computer.
Never load an unknown USB flash drive. They could have malware and keyloggers designed to harvest your personal information such as passwords.
Free Music / Software / Movie Downloads:
When cyber criminals run these free download sites, it seems too good to be true. And it usually is a form of social engineering, relying on and exploiting the user’s trust.
Upon receiving a free download, the user is asked for their login credentials in exchange.
Never trust a website offering free downloads in exchange for information. If you do visit websites that requite your email address, create a new email address dedicated for spam and not used as your primary email account shared with friends and family.
Phishing is the most common form of social engineering.
Phishing emails are highly crafted replica bogus emails designed to appear from trusted companies.
Cyber criminals send these phishing emails in hopes that you will click on their links or gain your personal information. Many rely on using the sense of urgency. Upon further inspection of the recipient, and grammar errors, once can usually detect a phishing email.
Never open an email that appears to be a phishing email. Be sure to have an anti-spam software running to help prevent phishing from entering your inbox.
Pretexting relies on creating trust with the potential victim. This type of scammer will try to gain personal information by exploiting trust with their victim. For example, a cyber criminal might pretend to need sensitive data to confirm your identity. They are known for creating a credible story in order to gain information from their victims.
Never give personal information over the phone or email to an unknown caller.
4. Quid Pro Quo
Quid Pro Quo is an offer such as a free T-shirt, pen, etc. in exchange for your login information. Anything that sounds too good to be true, usually is. Don’t fall for a Quid Pro Quo scam.
Do you work in a secure office building? If you’re required to scan a card to enter your office, don’t fall victim of Tailgating. This is when someone follows your to a restricted area and asks for you to hold the door open because they claim to have forgotten their RFID card. Tailgating can take on other forms such as someone borrowing your laptop or phone and installing malware. Never give a stranger the benefit of a doubt.
Most of these cyber criminals are good enough to fool the most cautious people. They truly understand the human psychology in order to exploit your judgement and trust. They will have you thinking their access is legitimate. Understanding these examples of social engineering will help you better prevent it from happening to you.
Here’s a few tips how you can prevent becoming a victim of social engineering scams:
- Lock your laptop when you’re away from your workstation
- Do not open emails from unknown people
- Use a hosted anti-spam service such as Proofpoint Essentials
- If you receive an email from friends or family that seems strange, call them to verify
- Keep your anti-virus software up to date
- Do not trust strangers with offers that seem too good to be true
- Never give out your login credentials / Update your login credentials often
- Have a good cloud backup of your data. in the unfortunate event your data is breached or becomes encrypted – you’ll be happy to have a backup.
Unbelievable Social Engineering Stories:
You have to read these stories how large retail companies have been victims of social engineering. It may “open your eyes” to see how easily employees and even store managers can be fooled by cleaver social engineers.