How to Spot Social Engineering

Social engineering – in the context of information security, is the use of deception to manipulate people into divulging confidential or personal information that can be used for fraudulent purposes.

Today, social engineering is one of the greatest security threats facing organizations.¹

When successful, attackers gain legitimate access to information, making it hard to spot (or stop) before it’s too late. It is a non-technical strategy that relies on human interaction to ambush people.

Social engineering is effective and hard to detect. Investing in hardware and software solutions can help protect your business, but won’t be enough to completely prevent attempts. Due to the deceptive nature of these tactics, it is important to gain understanding of the different strategies used, and how to recognize them.

The concept of social engineering has been around for centuries. Greek mythology introduced this idea during the Trojan War, where the Greeks won by tacitly building a hollow horse and filling it with soldiers. The Trojans interpreted the horse as a gift, thus bringing it into the gates of the city of Troy. Later while the city was asleep, the Greek soldiers crept out of the horse and destroyed Troy, ending the war.

The “Trojan Horse” (or just “Trojan”) is a common tactic cybercriminal use to develop a virus or malware that masks its malicious intentions by making its appearance look harmless and normal. An example of a trojan is a pop-up that says your Adobe Reader is outdated and you must install the software to update. If you install the software, the trojan will attack your system and steal your personal information. Trojan horses are only one of the billion different social engineering attacks that involve information technology.

Another common social engineering attack cybercriminals are well-versed in are “phishing” emails. While trojans are traditionally virus-based, phishing, on the other hand, are email-based. Phishing can be thought of as an email-based Trojan horse, where the email deceives you by seeming credited, however, is corrupted and attempts to harness your sensitive information. Hackers are very clever these days with their approaches and tend to pose as people you trust the most such as, your CEO, accountant, or even your best friend. It is important to note that any system that uses the internet (PC, Mac, smartphone, tablet) is prone to catching malware. For that reason, it is important for you and your company to have professionals, like Techmedics, secure and protect your systems from cybercriminals that may steal millions of dollars.

‍

Types of Social Engineering Strategies

‍

3 Tips to Protect Your Business

1. Layered Security - What do we mean when we say "Layered Security"? Think of your house, fully equipped with locks on the doors. Some people may think that's enough to keep the bad guys out, but it won't stop everyone. Recommending a layered approach would be like recommending the installation of a gate, attack dogs, surveillance cameras, and a shark-filled moat.
2. Update Business Processes - Some things are unavoidable due to the "human factor". If something get's past your security and finds it way to you or a colleague, business processes should constantly be updated to close any loopholes. For example, anything that involves wire transfers or issuing payments over a specified threshold should require signature approval from the CEO and CFO.
3. Educate Colleagues - Education is important. You're only as strong as your weakest link. Schedule mandatory training for all employees on a yearly basis, at minimum. You can also recommend good sources for tips, like our social media accounts and newsletter for example.

Social engineering could make its way into your business at some point. You can pour your entire IT budget into cybersecurity products, and that might help. But, hackers may still find a way around those protections. Use the three tips listed above to help protect your network from social engineering attacks.