Don’t be a victim of social engineering
As a true crime junkie, the idea of social engineering is intriguing to me; it also presents a significant risk for our members. We are aware of at least two instances of social engineering at our member agencies in 2020 and unfortunately there are likely to be more by year end. To try to prevent additional ‘attacks’, here is some education to share with family, friends and colleagues – because knowledge is the best defense against this type of criminal.
“Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows, or if have guard dogs, alarm systems, floodlights, fences with barbed wire, and armed security personnel; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate you are completely exposed to whatever risk he represents.” (“What is Social Engineering?” www.webroot.com)
Social engineering is when a cyber criminal manipulates a person into providing confidential information. This act is typically done by either posing as a friend or posing as someone you know or by posing as a friend or by acting as another trusted source (think vendor or customer).
Friends
Oh look, grandma forwarded a cute email chain!
If you receive something that you need to “click on the link” to access or that you need to download, pause and think twice about what (or who) might be hiding behind that request. Links and downloads are some of the easiest ways for has hackers to gain access to your computer, email accounts, social media accounts and contact lists.
Trusted Sources
I need to make this payment!
According to an annual data breach report from Verizon, phishing attacks and pretexting are responsible for 93% of successful data breaches. The reason for their success might be the tactics that are used to get the attention of the person on the receiving end. Here are examples of what to look for so you can avoid an expensive breach.
· Displays an urgency to help a friend in need
· Seems to come from a familiar sender either as an email, text, instant message from a well-known company, bank or other institution
· Request for a charitable donation
· Request for you to verify information
· Notification that you’ve won and need to claim your prize
· Posing as a boss or colleague
It would be very difficult, if not impossible to avoid becoming a target, but you can arm yourself with knowledge so that you don’t fall into a spammers trap. Educate yourself and all employees about what to look for to keep your information safe.