Social engineering is a method cyber con artists use to lure well-meaning individuals into breaking normal security procedures. They appeal to vanity, authority or greed to exploit their victims. Even a simple willingness to help can be used to extract sensitive data. An attacker might pose as a coworker with an urgent problem that requires otherwise off-limits network resources, for example.
These attacks can be devastatingly effective, and outrageously difficult to defend against. The key to shielding your network from this threat is a keen, ongoing awareness throughout your organization. To nip one of these scams in the bud, every member of your team must remain alert to these 5 social engineering tactics:
Baiting
In baiting, the attacker dangles something enticing to move his victim to action. It could be a movie or music download. Or it could be something like a USB flash drive with a company logo, labeled “Executive Salary Summary 2018 Q1,” left where a victim can easily find it. Once these files are downloaded, or the USB drive is plugged in, the person’s or company’s computer is infected, providing a point of access for the criminal.
Phishing
Phishing employs a fake e-mail, chat or website that appears legit. It may convey a message from a bank or other well-known entity asking to “verify” login information. Another ploy is a hacker conveying a well-disguised message claiming you are the “winner” of some prize, along with a request for banking information. Others even appear to be a plea from some charity following a natural disaster. And, unfortunately for the naive, these schemes can be insidiously effective.
Pre-texting
Pre-texting is the human version of phishing, where someone impersonates a trusted individual or authority figure to gain access to login details. It could be a fake IT support person supposedly needing to do maintenance…or an investigator performing a company audit. Other trusted roles might include police officer, tax authority or even custodial personnel, faking an identity to break into your network.
Quid Pro Quo
A con artist may offer to swap some nifty little goody for information… It could be a t-shirt, or access to an online game or service in exchange for login credentials. Or it could be a researcher asking for your password as part of an experiment with a $100 reward for completion. If it seems fishy, or just a little too good to be true, proceed with extreme caution, or just exit out.
Tailgating
When somebody follows you into a restricted area, physical or online, you may be dealing with a tailgater. For instance, a legit-looking person may ask you to hold open the door behind you because they forgot their company RFID card. Or someone may ask to borrow your laptop or computer to perform a simple task, when in reality they are installing malware.
The problem with social engineering attacks is you can’t easily protect your network against them with a simple software or hardware fix. Your whole organization needs to be trained, alert and vigilant against this kind of incursion.
Not Sure If You're Safe? The First Step Would Be a Network Assessment.
Visit NCINDD.com for more details.