top of page
Writer's pictureShidonna Raven

What is Social Engineering and Why You Should Care


Source: Triad

June 11, 2018

Photo Source: Unsplash, Pricilla Du Preez

“Social engineering” refers to different tactics used by perpetrators to trick, deceive, and manipulate people into giving out information for the purpose of gaining access to computer systems and sensitive company data.



Types of Social Engineering Attacks Social engineering attacks are divided into two main categories:

  • Targeted attacks, which involve sophisticated techniques and are aimed at specific organizations.

  • Mass attacks, which use basic tactics and are typically aimed at a large number of individuals.

Common social engineering tactics include:

  • Messages from “co-workers” When a hacker gains access to a company’s user accounts, he or she can send messages out to other employees, posing as a fellow employee. In general, these messages contain only a link or a document that needs to be downloaded. If you receive an email or message that looks suspicious, it’s better to double check with the sender before accessing the link or downloading the document.

  • Spear phishing attacks A phishing attack occurs when a phisher sends emails or messages that appear to come from a legitimate organization, such as a bank or a company that you do business with. Most spear phishing emails and messages state that there’s some kind of problem and require employees to verify security information by clicking on a link or providing specific data, such as personal information, passwords, or access details. After obtaining the information required, the hacker is able to access the company’s information system by using a legitimate login.

  • Vishing Vishing is another type of social engineering attack. Sometimes, cyber criminals call up different organizations and pretend to be representatives from other companies, auditors, or team members who have lost their passwords. Then they require employees to give them login details to internal servers, so they can access company accounts. Both phishing and vishing can give hackers the information they need to impersonate staff members, access confidential information, and even arrange fraudulent payments.

  • Dumpster diving This form of social engineering involves searching through a company’s trash for information that can be used to access its database. Unfortunately, many companies discard documents and electronic devices that contain sensitive information making this worth the dive through their trash.

  • Tailgating This is another common tactic social engineers use in order to physically get inside facilities. Assuming that a person is a co-worker who doesn’t have his access card on him, a real employee may allow him to enter the facility without question.

For years, social engineering has been a successful way for perpetrators to get inside computer systems and organizations.

Minimizing the Risks Here are a few tips on how you can reduce the risk of social engineering attacks schemes.

  • Inform your employees about the dangers of social engineering exploits. All of your employees should be aware that social engineering attacks are real and be familiar with the most common tactics.

  • Develop a comprehensive security awareness program that addresses general phishing threats and targeted cyber attacks. As an example, require your staff to log out of their accounts whenever they’re away from their workstations.

  • Instruct your employees to never open any emails from suspicious sources and contact the real sender by using the information you have on file and not the information provided in the email.

  • Make sure that your organization carries adequate cyber liability coverage and uses advanced firewall, antivirus, and intrusion detection software as well as complex login solutions, such as multi-factor authentication.

Social engineering attacks can be more complex, dangerous, and harmful than a simple data breach. While user education is the best defense against these attacks, comprehensive cyber liability coverage is particularly critical for protection against social engineering-related claims.


How can such practices impact one's health? Life? Why?





Share the wealth of health with your family and friends by sharing this article with 3 people today.


If this article was helpful to you, donate to the Shidonna Raven Garden and Cook E-Magazine Today. Thank you in advance.


Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page