Social engineering is a term that has become more widely used in recent years, and it’s one everyone with a computer should be familiar with as remote work becomes the norm.
Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. A hacker can use a wide variety of tactics to carry out this kind of attack: email phishing, voice scams, and CEO fraud are all examples. They could pose as Microsoft or your IT company and ask for your help in implementing a patch or fixing a virus on your system, but their “fix” is itself the problem and will compromise your system. These kinds of scams will become more prevalent as hackers try to prey on people working remotely.
These people will show up claiming they want to help you, but that claim is entirely false. Their actions can ruin even large corporations if the target is ignorant of the risks or careless with them. Don’t be the person who adds to that risk. So how do you protect yourself?
The single biggest action you can take against social engineering attacks is to educate your team; learn and understand all of the techniques these hackers will use against you, and set up clearly defined policies to help tighten general IT security. Learning the difference between general phishing attempts (email blasts masquerading as a trusted source) and spear phishing (a targeted email containing personal details about the target to force them into action) can massively improve the rate at which your team identifies and responds to these threats. This is even more important today, as remote work environments are becoming more and more necessary, because more employees will be using less secure personal computers to do their jobs.
Understanding lesser-known forms of social engineering is equally important. Many people know that the attractive single who just friended them on Facebook is a scambot trying to trick them out of sensitive information; far fewer know that a website they’re fond of can be loaded with malware and used in a water-holing (watering hole) attack. Being alert and wise to the risks is the first, most impactful step in social engineering defense.
Other changes you can make include implementing strict policy guidelines about any form of money transfer or payment system, having an approved list of people for specific topics, or requiring some form of multi-factor authentication. If you’re looking for a reliable IT resource, Attentus would be happy to set up a call with you and talk over your needs. Give us a call!