Social Engineering Explained: Part Two – 10 Tips to Avoid an Attack
A few weeks ago in part one of our social engineering series, we went over what social engineering is and common attack techniques that the everyday worker could come across.
Here’s a little refresher: Social engineering is the act of manipulation or influence that lures a potential victim into revealing confidential information such as a social security number, account information, credit card details or building access codes. Social engineering is a type of cyber-attack that works to get the better of people through deception and trickery rather than technological methods. These specific attacks take advantage of human vulnerabilities such as emotion, trust or habit to persuade individuals to take action such as clicking a malicious link or visiting a fake website. Some common types of social engineering attacks are phishing, pretexting and tailgating.
However, knowing what social engineering is amounts to only half the battle: you must also know how to defend yourself against these tricky cybercriminals. Lucky for you, we have come up with 10 tips to avoid becoming a victim of a social engineering attack:
1. Know how to spot fake emails. An email is likely malicious if it:
- requests confirmation of personal or financial information with high urgency.
- requests quick action by threatening the user with frightening information.
- is sent by unknown senders or a suspicious domain.
- is out of the ordinary or has bad grammar and/or spelling errors.
- contains an attachment or link that you weren’t expecting and/or that doesn’t make sense in relation to the message.
- has a link whose landing URL differs from the one displayed in the email.
2. Never reveal personal or financial information via phone, email or on unsecure websites.
3. Be sure to make online transactions only on websites that use the HTTPS protocol.
4. Beware of emails that ask the user to contact a specific phone number to update user information.
5. If it sounds too good to be true, it probably is.
6. Beware of links to websites that request personal information, even if the email appears to come from a legitimate source. Phishing websites are often exact replicas of legitimate websites.
7. Avoid pop-ups; never enter personal information in a pop-up screen or click on it.
8. Implement proper defense systems such as spam filters, anti-virus software and a firewall.
9. Keep all systems, programs and apps updated.
10. If you’re a social network user, it’s essential to trust no one and reveal only a limited amount of information. Never post personal information, such as a vacation schedule and home photos. Keep your profiles/accounts private and don’t accept friend requests from strangers. Cybercriminals can use your public information to manipulate you in their next cyber-attack.
Social engineering is everywhere, online and offline. Your best defense against these kinds of attacks is to educate yourself so that you’re aware of the risks. When it comes to your business, you’re only as strong as your weakest link. It only takes one employee clicking on a malicious link to send your business into a downward spiral. This is why it’s so important to make sure you and your employees are properly educated in and practicing basic cybersecurity. At Elevated Tech, we provide extensive cybersecurity awareness training that will educate your staff on the best cybersecurity practices to keep your chain stronger than ever. Contact us today to learn more!