Don’t get Social Engineered

1. Understanding What Social Engineering Is

Social engineering is the manipulation of people into performing actions or revealing confidential information. Where other attacks exploit a flaw in software or a network, social engineering exploits human habits such as trust, helpfulness and deference to authority. The password, one-time code or opened attachment it yields is often the attacker's first foothold for the technical part of an intrusion.

2. Recognize Common Types of Social Engineering Attacks

  • Phishing: Fake emails, texts, or websites designed to look legitimate to trick you into sharing personal details or login information.

  • Spear Phishing: Targeted phishing attacks that use personalized information to make the attack more convincing.

  • Pretexting: An attacker invents a plausible scenario (the pretext), such as needing to "confirm your identity" for an account review, together with a fabricated role or story that makes the request for information seem routine.

  • Baiting: Enticing the target to engage with a malicious device or link by offering something desirable, like free music downloads or a "special offer."

  • Tailgating (Piggybacking): Gaining physical access to a secure location by following an authorized person through a controlled door before it closes, without badging in.

  • Quid Pro Quo: An attacker offers a benefit in exchange for information, such as pretending to be IT support offering “help” in exchange for login credentials.

3. Look for Red Flags in Communications

  • Urgency and Pressure Tactics: Attackers often create a sense of urgency to prevent you from thoroughly thinking through the action.

  • Suspicious Requests for Personal or Financial Information: Be wary of any unsolicited requests for sensitive information, especially if the request seems unusual.

  • Unusual Language or Tone: Odd grammar, spelling errors, or phrasing the supposed sender would never use can indicate that a message is a fake. The reverse does not hold: a polished, error-free message is not proof of legitimacy, since targeted attacks are usually well written.

  • Unfamiliar Sender Information: Verify email addresses, phone numbers, or social media handles. Attackers often use addresses that differ from the real one by a single character (a swapped letter, "rn" in place of "m", a digit in place of a letter, or a different top-level domain), place a trusted address in the display name while sending from somewhere else, or set a Reply-To that goes to a different domain than the From address.
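
One way to check a sender's domain against the look-alike tricks described above, as an added example that is not part of the original page: the script below normalizes common character substitutions, drops Unicode look-alikes, and compares the result to a list of trusted domains by similarity. The trusted domains, the similarity threshold and the sample addresses are assumptions made up for the example; the two-label rule for the registrable domain ignores multi-label public suffixes such as co.uk, so a real deployment would use a public suffix list.

```python
"""Flag sender domains that imitate a trusted one (look-alike domains)."""
import unicodedata
from difflib import SequenceMatcher

# Domains the (hypothetical) organisation actually uses. Assumption for the example.
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

# Substitutions attackers use because the characters look alike in many fonts.
HOMOGLYPHS = {"0": "o", "1": "l", "|": "l", "rn": "m", "vv": "w", "cl": "d"}

# Two normalised names at least this similar are treated as imitations.
SIMILARITY_THRESHOLD = 0.8


def normalize_domain(domain: str) -> str:
    """Reduce a domain to a canonical ASCII form so that look-alike spellings collide.

    Non-ASCII letters with no ASCII decomposition (for example a Cyrillic 'а' used
    in place of a Latin 'a') are dropped, which leaves a near-miss string that the
    similarity check in classify_sender() still catches.
    """
    d = unicodedata.normalize("NFKD", domain.lower().strip())
    d = d.encode("ascii", "ignore").decode("ascii")
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def registrable_domain(host: str) -> str:
    """Last two labels of a host name (assumption: no multi-label public suffixes such as co.uk)."""
    return ".".join(host.split(".")[-2:])


def embedded_trusted(host: str) -> bool:
    """True when a trusted name appears as a sub-domain of some other domain,
    e.g. login.example.com.verify-now.net, whose real owner is verify-now.net."""
    labels = host.split(".")
    for trusted in TRUSTED_DOMAINS:
        tl = trusted.split(".")
        n = len(tl)
        # Stop before the suffix position: a genuine mail.example.com is handled elsewhere.
        for i in range(0, len(labels) - n):
            if labels[i:i + n] == tl:
                return True
    return False


def classify_sender(address: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for an e-mail address."""
    host = address.rsplit("@", 1)[-1].lower().strip()
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted"
    if embedded_trusted(host):
        return "lookalike"
    norm = normalize_domain(reg)
    for trusted in TRUSTED_DOMAINS:
        trusted_norm = normalize_domain(trusted)
        if norm == trusted_norm:
            return "lookalike"
        if SequenceMatcher(None, norm, trusted_norm).ratio() >= SIMILARITY_THRESHOLD:
            return "lookalike"
    return "unknown"


# Constructed sample addresses for the example (not real senders).
SAMPLE_SENDERS = [
    "alice@example.com",
    "helpdesk@mail.example.com",
    "security@examp1e.com",                   # digit 1 for letter l
    "billing@exarnple-bank.com",              # "rn" for "m"
    "alerts@login.example.com.verify-now.net",  # trusted name as a sub-domain
    "support@ex\u0430mple.com",               # Cyrillic 'а' (U+0430) for Latin 'a'
    "newsletter@unrelated.org",
]

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(f"{sender:45} -> {classify_sender(sender)}")
```

The similarity threshold is a trade-off: too low and ordinary unrelated domains are flagged, too high and a two-character change slips through. In a mail gateway this check is one signal among several rather than a block-or-allow decision on its own.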

4. Verify Identities Before Sharing Information

  • Use Known Contact Methods: If someone claims to be from a company, contact the company directly using a known, legitimate phone number or email.

  • Verify With Another Source: For example, if you receive an urgent message from a “manager” asking for sensitive data, confirm it through a channel you already have, such as the number in the company directory or a walk to their desk, never through a number or link supplied in the message itself.

  • Question Any Unusual Request: Trust your instincts. If something feels off, it’s always worth verifying before proceeding.

5. Safeguard Your Personal Information

  • Limit Social Media Sharing: Attackers use information from social media profiles to make their attacks more believable. Avoid sharing personal details like your birth date, address, phone number, or travel plans.

  • Be Mindful of “About Me” Information: Information about your job role, location, and work responsibilities can be used against you. Avoid sharing details publicly.

6. Stay Informed About Social Engineering Tactics

  • Regular Training and Updates: Staying up-to-date on the latest social engineering methods can help you recognize new types of attacks.

  • Participate in Simulated Phishing Campaigns: If your workplace offers simulated phishing campaigns, engage in them seriously to better recognize real attacks.

7. Implement Strong Security Practices

  • Use Two-Factor Authentication (2FA): 2FA can prevent unauthorized access to accounts even if an attacker obtains your password. Treat the second factor like the password: never read a one-time code to someone who calls asking for it, and don't approve a login prompt you did not trigger. Hardware security keys and passkeys resist phishing better than codes sent by SMS, which an attacker can relay in real time.

  • Create Unique Passwords: Use a unique password for every account, ideally generated and stored by a password manager, so that one phished password cannot be replayed elsewhere. Change a password when you suspect it has been exposed; routine scheduled changes add little and tend to produce weaker, predictable passwords.

  • Avoid Unverified Links and Attachments: Don’t click on suspicious links or open unexpected attachments, especially in unsolicited messages.

8. Establish Verification Procedures

  • Implement Verification Codes for High-Security Requests: For organizations, require an out-of-band confirmation before acting on high-security requests such as a change of payment or bank details: a call-back to a number already on file, or a verification code agreed in advance, never a number or code supplied in the request itself.

  • Verify Internal Requests: Set up protocols for verifying internal requests, such as asking for in-person confirmation or using secure internal messaging for sensitive requests.

9. Use Technology to Detect Social Engineering Attempts

  • Spam Filters and Anti-Phishing Software: Set up spam filters and use anti-phishing tools to reduce the phishing that reaches inboxes. Beyond keyword filtering, these check whether a message passes sender authentication (SPF, DKIM, DMARC), whether the Reply-To or display name disagrees with the sender address, and whether links point to known malicious sites. No filter catches everything, so the human checks above still apply.

  • Network Security Measures: Use firewalls, antivirus software, and intrusion detection systems to block malicious sites or downloads.
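
As an added example (not code from the original page), here is the kind of header and body check an anti-phishing filter performs, run over two constructed messages. The server identity mx.example.com, the domains and the messages are assumptions; only Authentication-Results stamped by your own receiving server should be trusted, since an outside sender can forge that header.

```python
"""Header and body checks of the kind an anti-phishing filter applies, on constructed messages."""
import email
import re
from email.utils import parseaddr

# Identity our own receiving server writes into Authentication-Results (assumption).
# A sender can forge this header, so only results stamped with our own id count,
# and the inbound gateway should strip copies that arrive from outside.
OUR_AUTHSERV_ID = "mx.example.com"

# Pressure phrases typical of the urgency tactic; a small list for the example.
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended", "verify now", "final notice")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze_message(raw: str) -> dict:
    """Return the sender address and a list of (code, detail) findings for a raw message."""
    msg = email.message_from_string(raw)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Replies silently redirected to a domain other than the one displayed.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(("reply-to-mismatch", f"replies go to {reply_addr}, not {from_addr}"))

    # 2. Display name showing an address from another domain (display-name spoofing).
    shown = re.search(r"[\w.+-]+@([\w.-]+)", from_name)
    if shown and shown.group(1).lower() != from_domain:
        findings.append(("display-name-mismatch",
                         f"shows {shown.group(0)} but sent from {from_domain}"))

    # 3. SPF/DKIM/DMARC results, trusted only when stamped by our own server.
    authserv, _, results = msg.get("Authentication-Results", "").partition(";")
    if authserv.strip() == OUR_AUTHSERV_ID:
        for mech in ("spf", "dkim", "dmarc"):
            if re.search(rf"\b{mech}=fail\b", results.lower()):
                findings.append((f"{mech}-fail", f"{mech.upper()} failed at {OUR_AUTHSERV_ID}"))

    # 4. Pressure language in a plain-text body (multipart bodies are skipped here).
    body = "" if msg.is_multipart() else msg.get_payload().lower()
    hits = [p for p in URGENCY_PHRASES if p in body]
    if hits:
        findings.append(("urgency-language", ", ".join(hits)))

    return {"from": from_addr, "findings": findings}


# Constructed messages for the example; every address and domain is made up.
PHISH = """\
From: "helpdesk@example.com" <support-desk@mail-verify.net>
Reply-To: collect@reply-collector.org
To: bob@example.com
Subject: URGENT: password reset required
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-verify.net; dkim=none; dmarc=fail header.from=mail-verify.net

Your account will be suspended within 24 hours unless you verify now.
"""

LEGIT = """\
From: Alice <alice@example.com>
To: bob@example.com
Subject: Lunch tomorrow?
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Want to grab lunch tomorrow?
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        result = analyze_message(raw)
        print(f"{label}: from={result['from']}")
        for code, detail in result["findings"]:
            print(f"  [{code}] {detail}")
```

Any one finding is only a signal; filters combine several into a score and then quarantine the message or add a warning banner. Passing SPF, DKIM and DMARC proves only that the message came from the domain it names, not that the domain is one you trust: a freshly registered look-alike domain with its own DNS records passes all three.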

10. Create a Culture of Caution in the Workplace

  • Encourage Questioning: Promote a culture where employees feel comfortable questioning suspicious behavior, even from “trusted” individuals.

  • Report Suspicious Incidents: Make it easy for employees to report suspicious activity, even if they aren’t certain it’s a threat.

  • Conduct Regular Security Audits: Regular audits can help identify gaps in security that might expose you to social engineering attacks.

11. Stay Alert for Unusual Situations

  • Be Cautious of Unfamiliar Faces in Secure Areas: In a workplace setting, watch for people in areas they shouldn’t be, such as tailgaters or someone trying to access secured sections.

  • Question Physical Security Breaches: Someone claiming they "forgot their badge" and asking to be let in is a risk if not verified. Direct them to reception or security for a temporary badge rather than holding the door, however friendly or senior they appear.

12. Educate Friends and Family

Social engineering attacks can also target your family and friends, so educating them on these tactics helps extend the protective net. Share key points from this guide to keep them vigilant and less vulnerable to attacks.
