Social Engineering | October Cybersecurity Awareness Month
Since it’s Cybersecurity month, we have spent some time discussing the different types of phishing scams and how to use multi-factor authentication. This week let’s dive into the faces behind these cyber-attacks…Social Engineers.
A social engineer tries to manipulate, influence, and deceive someone with the intent to gain access to their systems and sensitive information. Social engineering can happen through a variety of different methods. Whether it is the phone, email, or snail mail, if it is a communication method, a social engineer will try to exploit it! These engineers are often referred to as hackers, cybercrime mafia, or cybercriminals.
There are a few ways to spot a social engineering attack.
- The message is unexpected– While this seems like an intuitive sign, cybercriminals are clever and attempt to disguise themselves within communications you would assume to be expected. Some of the ways we see this are emails that appear to be from banks, escrow companies, health care clinics, or even your social media platforms. Aside from checking the email address, graphics, and links, you can weed out potentially harmful communications by asking if this message is expected. Most likely if you were not expecting the message, it is not a legitimate sender. We recommend reaching out to the institution or platform you suspect the message could be from directly before engaging with a suspicious message.
- The sender asks for something out of the ordinary-One the ways we see this is through messages that appear to be coworkers or supervisors. These messages sometimes ask the recipient to buy or do something they ordinarily wouldn’t make sense or have never done before. This can be another hint that a social engineer is attacking you. For situations like this, we recommend not engaging with the message, instead reach out to whomever the message appears to be from through an alternate channel.
- The requested action is potentially harmful-This is like asking for something out of the ordinary. Be sure to evaluate the request. If it is something that could be potentially harmful to you or the organization you are associated with, you may want to flag this as an attack and verify the request in another way.
- The attacker attaches an unusual file or URL- This was addressed in our phishing scam discussion- check all links and files before clicking on them! When in doubt don’t engage and report the message as suspicious.
- There is a sense of urgency– A clear indication that a message may be fraudulent is an unrealistic sense of urgency. These messages look like, passwords that must be reset within hours of seeing the message, or perhaps the message will say something about your accounts being compromised and needing to secure them ASAP. When you see these types of messages take a moment and pause. Think about whom the sender appears to be and ask yourself if the timeframe and request seem legitimate. Be sure to follow up with whom you think the sender might be via another known contact route.
You are the most effective defense against social engineering. The best way to keep your information and systems safe is by being diligent. By being aware of the messages you interact with and watching for a suspicious activity you can help keep those social engineering attacks from succeeding. Are you prepared and safe against cybersecurity threats? Call us today! We would love to help you!