Think your credentials are safe because you are small, or because hackers don’t care about your business or its data and files? Think again. Watch as a woman uses a crying baby simulator to hack into an account. It is shocking and absolutely terrifying how easy it is. Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Anyone with an online account should watch for phishing attacks and other forms of social engineering.
There are 4 types of social engineering:
1. Phishing
2. Pretexting
3. Baiting
4. Quid Pro Quo
Phishing – the most common type of social engineering. Phishing attacks aim to:
Obtain personal information such as names, addresses and Social Security Numbers.
Use shortened or misleading links that redirect users to suspicious websites that host phishing landing pages.
Incorporate threats, fear and a sense of urgency in an attempt to manipulate the user into responding quickly.
Pretexting – another form of social engineering, in which attackers focus on creating a good pretext, or fabricated scenario. More advanced attacks sometimes try to trick their targets into doing something that abuses an organization’s digital and/or physical weaknesses. For example, an attacker might impersonate an external IT services auditor so that they can talk a target company’s physical security team into letting them into the building.
Baiting – the promise of an item or good that malicious actors use to entice victims.
Quid Pro Quo – the promise of a benefit in exchange for information. It can be highly sophisticated or as simple as a free chocolate bar.
Tailgating – also known as piggybacking. This is when someone without the proper authentication follows an authenticated employee into a restricted area.
How To Stay Safe:
NEVER open emails from untrusted sources
Do NOT click on links in untrusted emails
Provide Cyber Security Training for employees
Did you know 1 in 3 small to medium-sized businesses will suffer a cyber attack? And 90% of ransomware attacks are deployed using email and count on human error.