Did you know you can hack a human? When we think of hacking, we think of code, we think of passwords or data protection, but we don’t think about human error.
Humans can be the weakest link when it comes to data security because of social engineering. Social engineering is a manipulative practice that gets targets to divulge more than they need to or allows bad actors to gain access to restricted areas.
There are some very popular forms of social engineering that we all encounter in everyday life. These are the most common:
Phishing scams are emails that lead to fake sites made to look legitimate, so that people are tricked into entering their credentials. This is easily avoided by using a password manager. Password managers monitor the address of the website you’re using, and they won’t offer to fill in a saved login on a site whose address doesn’t match the one it was saved for. Getting your team on a password manager as soon as possible is a good way to guard against phishing.
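The address check described above can be shown in a few lines. This is an added illustration, not code from the original article or from any particular password manager; it assumes exact origin matching (real products often match on the registrable domain instead), and the vault entry and every URL are constructed samples.

```javascript
// Saved logins, keyed by the origin (scheme + host + port) they were saved on.
// Constructed sample data.
const vault = [
  { origin: "https://login.example-bank.com", username: "alice" },
];

// Return the saved entries whose origin equals the origin of the page shown.
function credentialsFor(pageUrl, entries = vault) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch {
    return []; // unparseable address: offer nothing
  }
  if (page.protocol !== "https:") return []; // never fill over plain HTTP
  return entries.filter((e) => new URL(e.origin).origin === page.origin);
}

// One-line decision for an address a user might reach from an email link.
function explain(pageUrl) {
  const hits = credentialsFor(pageUrl);
  let shown = pageUrl;
  try { shown = new URL(pageUrl).origin; } catch { /* keep raw text */ }
  return hits.length
    ? `${shown}: fill offered for ${hits[0].username}`
    : `${shown}: nothing offered`;
}

const samples = [
  "https://login.example-bank.com/signin",             // the real site
  "https://login.example-bank.com.verify-id.example/", // real name used as a subdomain prefix
  "https://login.examp1e-bank.com/signin",             // digit 1 in place of the letter l
  "https://login.example-bank.com@phish.example/",     // real name placed in the userinfo part
  "http://login.example-bank.com/signin",              // right host, but no TLS
];
for (const s of samples) console.log(explain(s));
```

Only the first sample gets a fill offer; a manager that stays silent on a page that looks like your bank is the signal to stop and check the address.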
The next most common is baiting. If you have ever received an invitation to a cruise or a gift you didn’t earn, then you know it’s probably a scam. These scams are looking for sensitive personal information so they can guess your passwords or answer your security questions. Another type of baiting is a social media post that asks for a seemingly innocuous piece of information like your “middle name” or your “first pet” to make a “Star Wars Name”. Those are easy to overlook because we often underestimate how dangerous it is to divulge these types of personal information.
Another important social engineering technique is called pretexting. If you get a call from an unfamiliar number asking for sensitive information to “verify your account”, you could fall prey to pretexting. In these attacks, someone impersonates an authority and asks for your data, and they can be very easy to fall for if you are in a hurry or not on the lookout for them. A good way to verify such a request is to reach out via another channel to the organization the caller claims to represent and confirm their identity. Switching from just communicating via text to adding voice and video also helps with establishing legitimacy.
One of the most common online social engineering techniques is to use scareware. This is when a user is tricked into buying fake antivirus or installing malware on their computer because of a warning that their computer is infected. It’s one of the easier-to-detect types of social engineering and if your computers are being maintained by professionals, you shouldn’t have problems of this type. Or you should be hearing about problems from them, not from the internet.
Tailgating is when social engineers slip in unannounced after authorized personnel. This is more of an IRL problem than a digital one and can be remedied with adherence to proper entryway security protocol.
There are also long cons when it comes to social engineering. People can show up impersonating authorities, flashing badges, and stating that they come for inspections or other such pretexts. These audits from the government or other entities are usually announced with an official memo. Always check the credentials of any visitors who are going to be allowed access to your facilities.
These are just the most common types of social engineering. While it might seem like these scams are too obvious to fall for, remember that we are all busy people who have to deal with bills and collectors, and multiple logins every day. It’s easy to lose that sense of constant vigilance. And all it takes is one person to slip up once and they can create a massive security breach. By employing some of these solutions, you can protect yourself and your team from these types of attacks.
By Snow Schnabel | May 21, 2023
Snow Schnabel is a writer for Journalixm. If you are interested in more articles about Cyber Security, check out journalixm.com