Social Engineering:
“Cyber Security” covers a LOT of digital territory and responsibility for it belongs to every user within an organization. No matter how much time, money, and effort a company puts into its cyber security efforts in the background, a single user can open the door for a digital intruder who can lay waste to everything.
Every user of a computer is subject to a social engineering attack. In such an attack, the goal is to tempt or trick a user to provide their credentials to some computer resource – for example, their workstation or laptop; their e-mail, or their network logon – so the attacker can gain access to the resource. Once the attacker gains access, they leverage that access to penetrate even deeper into the user or company’s privacy to either gain access to data that is usable to the attacker, or to exploit the resource to attack other systems or networks.
Whatever the reason, for the social engineering attack, it is always up to the end user to halt it in its tracks! To do that, it helps to know what a social engineering attack “looks” like.
The most common social engineering attacks occur via e-mail. Typically, a user receives an e-mail that is unexpected, unusual or ominous. The e-mail will usually try to get the user to act with urgency. Phrases like, “…act quickly…”, “…don’t miss this opportunity…” and terms such-as “…critical…” and “…important…” are used. Warnings about dire consequences – business-critical services being interrupted, or the user’s reputation will be harmed if no action is taken – are common.
Once an attacker has the user’s attention with dire warnings and serious consequences, they want the user to do something RIGHT NOW!!! “To get this important message, click this link and enter your e-mail address and password!” is a favorite one that is used to gain access to a personal or corporate e-mail account.
Don’t fall for their non-sense…ever. To ease your concerns over whether a message is legitimate or not doesn’t take long. Just follow these simple steps;
First, does the message make sense? Is the message formatted like other messages? Does the message read like a typical business communication? Do any links in the message (don’t click them, just hover the mouse pointer over a link to read where it links-to) match the supposed message sender or the message content?
Next, what’s the rush? Social engineering messages almost always try to develop a sense of urgency in the user. The attacker wants the end user to ACT before THINKING…because if the users ACTS it’s too late to think. Generally, the more urgent the message seems, the more likely it is a social engineering attack.
Last, is the message trying to get the user to do something unusual or unexpected? “Click this link, that goes to this weird web address, and enter your e-mail address AND password, to get this very important thing…or, to fix this very serious problem…or, to keep us from releasing all your secrets…or, whatever. Oh, and you better hurry! hurry!! hurry!!!”
Don’t fall for it… and if you do, don’t hesitate to let your I.T. Management Team know you did. Falling for a social engineering attack is not commonly a job-ending event. Knowing you fell for one, then not speaking up so that the damage can be stopped and corrected quickly, commonly is.
If you need help with your cyber security plan or any security related mission, contact us by completing the contact form. Someone from our team will be in contact with you as soon as possible. As always, stay vigilant.