Social engineering targets every organisation’s weakness: human psychology. Attackers can use a variety of techniques to lure people into handing over sensitive company information. These are the 3 top social engineering attacks you need to look out for!
Phishing is probably the best-known social engineering attack, and one that companies are becoming more attuned to, yet phishing attacks can still be very effective. In a phishing attack, the attacker crafts a malicious email that aims to trick the recipient into providing confidential information or visiting a malicious website. These emails are often disguised as originating from a legitimate source, such as a bank or HR department.
The 2019 Verizon data breach report stated that almost a third of all cybersecurity breaches included phishing. While we may all think that we would know the difference between a fake email and a legitimate one, phishing emails are becoming more and more sophisticated, making them harder to detect. It’s important to have good antivirus software and email security and filtering to detect these emails before they reach the staff.
Another social engineering attack is called tailgating or piggybacking. Not all attacks are done remotely, and tailgating is a perfect example of how physical security controls can be bypassed. As the name might suggest, this is where an attacker follows an employee into a restricted area or building, potentially gaining access to confidential infrastructure and data. For example, the attacker may impersonate a delivery driver or a construction worker as a pretence to get into the building. While this may sound like something from James Bond, this is a social engineering attack that is very effective and targets medium-sized businesses in particular. This is definitely one to watch out for: even with security measures such as electronic door locks, staff will often try to be polite and hold the door open for other people. Help protect your business and encourage your staff to challenge any unrecognised personnel.
Pretexting is a type of social engineering attack where an attacker will lie to obtain privileged data. Pretexting attacks rely on creating a fake scenario, which the attacker then uses to try to steal their victim’s personal information. This social engineering attack can also be very effective in large companies. Attackers may masquerade as HR personnel to allow them to target low-level executives. This was used in an attack against Hewlett Packard, allowing the attacker to access the phone records of the board of directors. This resulted in Hewlett Packard’s long-term strategic plans being published. Ensuring staff are aware of what pretexting scams are is a key way to ensure that private information stays private.
Our Top Tips
It’s important to keep your business safe and secure, especially with more and more businesses operating remotely. These are our top tips to protect your business from social engineering attacks.
- Do not open any emails from untrusted sources. If you think it looks strange, or it doesn’t feel right, do not open the email. You can always check with the company’s head office, but never call the number on the suspicious email.
- Do not give away any personal information. You should never share passwords, confidential data or one-time passcodes.
- Make sure that your staff are properly trained. A robust security policy needs to be in place which employees are regularly made aware of. Make sure that doors aren’t left open in the summer and that only staff members are in the building. A good idea is to put reminder signs on the doors.
If you need advice on your company’s security, both physical and digital, get in touch with one of our highly experienced consultants today.