3 Social Engineering Attacks to Watch Out For!
Social engineering targets every organisation’s weakness: human psychology. Attackers can use a variety of techniques to lure people into handing over sensitive company information. These are the 3 top social engineering attacks you need to look out for!
Phishing is probably the best-known social engineering attack, and one that companies are becoming more attuned to, yet phishing attacks can still be very effective. Phishing is where an attacker crafts a malicious email aiming to trick the receiver into providing confidential information or visiting a malicious website. These emails are often disguised as originating from a legitimate source, such as a bank or HR department.
The 2019 Verizon data breach report stated that almost a third of all cybersecurity breaches included phishing. While we may all think that we would know the difference between a fake email and a legitimate one, phishing emails are becoming more and more sophisticated, making them harder to detect. It’s important to have good antivirus software and email security and filtering to detect these emails before they reach staff.
Another social engineering attack is called tailgating or piggybacking. Not all attacks are done remotely, and tailgating is a perfect example of how physical security controls can be bypassed. As the name might suggest, this is where an attacker follows an employee into a restricted area or building, potentially gaining access to confidential infrastructure and data. For example, the attacker may impersonate a delivery driver or a construction worker to create a false pretence for getting into the building.
While this may sound like something from James Bond, this is a social engineering attack that is very effective and targets medium-sized businesses in particular. This is definitely one to watch out for: even with security measures such as electronic door locks in place, staff will often try to be polite, holding the door open for other people. Help protect your business and encourage your staff to challenge any unrecognised personnel.
Pretexting is a type of social engineering attack where an attacker will lie to obtain privileged data. Pretexting attacks rely on creating a fake scenario, which the attacker then uses to try to steal their victim’s personal information. This social engineering attack can also be very effective in large companies. Attackers may masquerade as HR personnel to allow them to target low-level executives.
Pretexting was used in an attack against Hewlett Packard, allowing the attacker to access the phone records of the board of directors. This resulted in Hewlett Packard’s long-term strategic plans being published. Ensuring staff are aware of what pretexting scams are is a key way to ensure that private information stays private.
Ruptura InfoSecurity's Top Tips
It’s important to keep your business safe and secure, especially with more and more businesses operating remotely. These are our top tips to protect your business from social engineering attacks
If you need advice on your company’s security, both physical and digital, get in touch with one of our highly experienced consultants today.
© 2021 Ruptura InfoSecurity Limited. All rights reserved.