Often in these successful cyber-crimes, social engineering is also at work.
Social engineering in a broad sense is psychological manipulation. In the context of cyber crime specifically, social engineering is the non-technical side of an attack: its aim is to get a person to take an action that serves the attacker, such as opening an attachment, approving a payment or handing over a password. It relies on human interaction to succeed, and it is all about tricking people into breaking normal security procedures.
With that in mind, there are some key things you need to know about social engineering if you’re going to give your business the best chance of avoiding this kind of cyber-crime.
First things first, social engineering is not new and it is not just a digital issue. Social engineering has been around since humans first developed language, and it has been used time and time again in the physical world, with criminals posing as trusted figures such as police officers in order to steal everything from money to secrets. In other words, don't just be wary of social engineering when you are online; be mindful when you receive letters, meet new people and answer phone calls too.
Second, not all criminals are equally good at social engineering: the quality of the manipulation varies widely. Chances are you have spotted some of the less convincing phishing emails yourself. Here are a few classic examples courtesy of phishing.org
But equally, there are phishing scams that are very sophisticated and that you probably never even batted an eyelid at; that is what makes social engineering so effective when it is done well. These attacks typically come with no warning: there is no suspicious pop-up and no ad asking you to download something dodgy, just another email or phone call like the ones you get every other day of the week. The only difference is that this one isn't as legitimate as it looks.
That said, while the most sophisticated phishing scams can be hard to spot, there are a few tell-tale signs that give them away and some easy steps you can take to avoid falling victim to a scam. In no particular order…
- Do your own research. Even if an email appears to be from a supplier you use, looks legitimate and sounds logical, confirm that it is genuine. Check that the sender's actual email address (not just the display name, which an attacker can set to anything) uses the domain listed on the company's website, and watch for lookalike domains and extra subdomains such as "supplier.com.something-else.net". Beware of generic greetings: most companies personalise their emails because they have your name on record. Bad grammar and typos are another big red flag, as most legitimate professionals go to great lengths to avoid these easy mistakes.
- Slow down. Part of the success of social engineering is that it encourages you to act first and think later, so even if an email says it's urgent or creates a high-pressure situation, take your time and be sceptical.
- Avoid links. You don't need to click a link to reach the destination, and if you are suspicious about an email we would definitely advise not clicking anything. Hover over a link to see where it really points, then use a search engine or a bookmark you already have to reach the legitimate page, and compare that URL with the one in the email.
- Don't download. If you receive an attachment or download you weren't expecting, don't open it. Most of us know in advance when someone intends to send us a file, so if a download arrives out of the blue, ignore it.
- Question things. Account compromise is another common tactic: attackers who take over a real person's mailbox email all of that person's contacts, so don't assume that an email from someone you know is an email you can trust. Before acting on a request, confirm it with the sender through a separate channel (a phone number you already have, not one given in the email); in most cases that quickly reveals whether the content is legitimate or not.
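The sender, greeting, urgency and link checks in the list above can be expressed as code and run over a suspicious message before anyone acts on it. The script below is an added example, not from the original post or from any product: it parses a raw email with Python's standard library and reports which of those heuristics fire. The supplier domain and both sample messages are constructed for illustration, and the sample phishing email also shows the extra-subdomain trick (the address domain ends in a different registrable domain than the one it imitates).

```python
"""Heuristic phishing checks mirroring the manual advice: sender domain,
generic greeting, urgency language and link text versus real link target.
Added example; sample messages and the supplier domain are constructed."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the supplier the message claims to come from really uses this domain.
EXPECTED_SUPPLIER_DOMAIN = "example-supplier.com"

GENERIC_GREETINGS = ("dear customer", "dear user", "dear sir/madam", "dear valued customer")
URGENCY_PHRASES = ("immediately", "within 24 hours", "account will be suspended", "urgent", "act now")

# Constructed phishing-style message: display name looks right, the address domain
# only starts with the supplier's domain, the greeting is generic, and the link text
# shows one site while the href points at another.
SAMPLE_PHISHING_EMAIL = """\
From: Example Supplier Accounts <accounts@example-supplier.com.invoice-portal.net>
To: you@yourbusiness.example
Subject: URGENT: overdue invoice
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Your account will be suspended within 24 hours unless you pay now:</p>
<a href="http://secure-login.invoice-portal.net/pay">https://example-supplier.com/invoices</a>
</body></html>
"""

# Constructed legitimate message from the same supplier for comparison.
SAMPLE_LEGIT_EMAIL = """\
From: Example Supplier Accounts <accounts@example-supplier.com>
To: you@yourbusiness.example
Subject: Invoice 1042
Content-Type: text/plain; charset="utf-8"

Hi Jane,

Invoice 1042 is attached as discussed. Let me know if anything looks off.
"""


class _LinkCollector(HTMLParser):
    """Collects visible text and (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text_parts = []
        self._href = None
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._anchor_text = []

    def handle_data(self, data):
        self.text_parts.append(data)
        if self._href is not None:
            self._anchor_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor_text).strip()))
            self._href = None


def _domain_matches(host, expected):
    """True if host is the expected domain or a subdomain of it (not a lookalike)."""
    host = (host or "").lower().rstrip(".")
    expected = expected.lower()
    return host == expected or host.endswith("." + expected)


def _host_of(url_like):
    return (urlparse(url_like if "://" in url_like else "http://" + url_like).hostname or "").lower()


def check_email(raw_message, expected_domain):
    """Return the list of heuristic findings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. The real address domain, not the display name, must belong to the supplier.
    sender = msg["From"].addresses[0] if msg["From"] else None
    if sender is None or not _domain_matches(sender.domain, expected_domain):
        findings.append("sender-domain-mismatch")

    # 2. Pull visible text and links out of the body (HTML preferred, plain text works too).
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = _LinkCollector()
    parser.feed(body.get_content() if body else "")
    text = (str(msg["Subject"] or "") + " " + " ".join(parser.text_parts)).lower()

    if any(greeting in text for greeting in GENERIC_GREETINGS):
        findings.append("generic-greeting")
    if any(phrase in text for phrase in URGENCY_PHRASES):
        findings.append("urgency-language")

    # 3. Links: the shown text and the actual target should agree, and point at the supplier.
    for href, visible in parser.links:
        if "." in visible and " " not in visible and _host_of(visible) != _host_of(href):
            findings.append("link-target-mismatch")
        if not _domain_matches(_host_of(href), expected_domain):
            findings.append("link-off-domain")
    return findings


if __name__ == "__main__":
    print("phishing sample:", check_email(SAMPLE_PHISHING_EMAIL, EXPECTED_SUPPLIER_DOMAIN))
    print("legit sample:   ", check_email(SAMPLE_LEGIT_EMAIL, EXPECTED_SUPPLIER_DOMAIN))
```

These checks are heuristics, not proof: a well-crafted phishing email can pass all of them, and a clumsy but genuine supplier email can trip one or two, so treat a finding as a reason to slow down and verify, not as a verdict.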
Always remember that social engineering is big business. It affects all of us from time to time, and it is used more and more to target big enterprises as well as small and medium-sized businesses. It's everywhere, so don't let your guard down. Tighten your email filtering, make staff aware of the latest attacks and train them on what to look out for, create clear security procedures for things like payment changes and password resets, and always, always, always take your security seriously.
If you're interested in protecting your business from cyber attacks, and social engineering in particular, talk to our experts today and we'll help you beef up your security.