The news is always full of stories of large corporations being brought to their knees by cyber-attacks, ransomware being most common at the moment. There is no denying that ransomware is scary and you should be prepared for it, but there is rarely any talk about the other ways that people can be exploited. The attackers we are talking about today are known as “Social Engineers” and they exploit the one common trait across all organisations: the human psyche.
There are various forms of social engineering, so let’s explore three of the most common ones and how we can identify and try to prevent these types of scams.
Phishing is a topic that we have spoken about before and is still the easiest and most common form of social engineering used today. Phishing scammers generally try to obtain your personal information by pretending to be someone of relevance (e.g. a bank), usually via email, phone calls, or text messages. As mentioned in our post about phishing, always remember to Stop, Calm, Analyse, and Notify (SCAN) when you feel you are being phished.
Pretexting is another way to steal personal information. The scammer will fabricate a believable scenario and try to exploit a person’s trust to get the information they require. The main difference between phishing and pretexting is that phishing uses urgency and fear to force a response, whereas pretexting uses trust. See some examples of pretexting scams here.
Baiting is a scam where you are offered a reward or gift for providing certain required information. The reward could be in the form of gift vouchers, airtime, downloads, etc. These generally turn out to be malicious pieces of software that, once installed or used, allow hackers to exploit your devices.
The easiest and most common advice for all organisations is to be aware that falling victim to social engineering attempts is a possibility. You should also:
– Not open any emails that you do not trust;
– Lock your device when you are not by it;
– Contact and notify your support members of suspicious activities; and
– Remember that if it sounds too good to be true, it probably is.
If you require any assistance with regard to security and compliance, or just some general guidance, please contact us. How else would you protect yourselves against social engineering scams? Leave a comment below; you may help someone out!