Social engineering exploits weaknesses in people rather than technology, preying upon the human propensity towards trust in particular. Often, these exploits are used to gather information to support a more targeted cyber attack, with the initial forays based on the premise of ‘little and often’ so as not to cause concern. Employees at all levels, including senior executives, are vulnerable.
Improving everyone's awareness and introducing simple technical measures is important as it can organizations can protect themselves against social engineering and the risk of a cyber attack and its potential impact on business.
Reduce the risk of social engineering
Here are some of the ways to reduce the risk of social engineering:
Think before you click
Attackers employ a sense of urgency to make you act first and think later in phishing attacks. When you get a highly urgent, high-pressure message, be sure to take a moment to check if the source is credible first.
The best way is to utilize another method of communication different from where the message is from like texting the person to see if they emailed you an urgent message or that was from an attacker.
Research the sources
Always be careful of any unsolicited messages. Check the domain links to see if they are real, and the person sending you the email if they are actual members of the organization.
Usually, a typo or spelling error is a dead giveaway.
Utilize a search engine, go to the company’s website, check their phone directory.
These are all simple, easy way to avoid getting spoofed. Hovering your cursor on a link before you actually click on it will reveal the link at the bottom, and is another way to make sure you are being redirected to the correct company’s website.
Email spoofing
Hackers, spammers, and social engineers are out to get your information, and they are taking over control of people’s accounts. Once they gain access, they will prey on your contacts. Even when the sender appears to be someone you are familiar with, it is still best practice to check with them if you aren’t expecting any email links or files from them.
Don’t download files you don’t know
If you don’t know the sender, don’t expect anything from the sender and don’t know if you should view the file they just send you with “URGENT” on the email headline, it’s safe not to open the message at all. You eliminate your risk to be an insider threat by doing so.
Offers and prizes are fake
If you receive an email from a Nigerian prince promising a large sum of money, chances are it’s a scam.
How to protect yourself from social engineering?
Here are some of the ways you can protect yourself from social engineering:
Delete any request for personal information or passwords. No one should be contacting you for your personal information via email unsolicitedly.
Reject requests for help or offers of help. Social engineers can and will either request your help with information or offer to help you. If you did not request any assistance from the sender, consider any requests or offers a scam. Do your own research about the sender before committing to sending them anything.
Set your spam filters to high. Your email software has spam filters. Check your settings, and set them to high to avoid risky messages flooding into your inbox. Just remember to check them periodically as it is possible legitimate messages could be trapped there from time to time.
Secure your devices. Install, maintain and update regularly your anti-virus software, firewalls, and email filters. Set your automatic updates on if you can, and only access secured websites. Consider VPN.
Always be mindful of risks. Double check, triple check any request you get for the correct information. Look out for cybersecurity news to take swift actions if you are affected by a recent breach. I recommend subscribing to a couple of morning newsletter to keep you up to date with the latest in InfoSec like Cyware or BetterCloud Monitor. If you are a podcast person, Decrypted by Bloomberg, DIY Cyber Guy and Reply All offer easy to digest information and news that’s very user-friendly.
Conclusion
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Everyone should be aware of cyber risk. Don’t wait until sensitive data is already in the sticky hands of hackers to react to a breach.
Want to get a protection on your internet?
Call us at +65 6262 0402 or email us at care@acebizservices.com to get the information details on your needs.