How to beat social engineering

Social engineering is a broad spectrum of cyberattacks that typically aim at convincing people to give up very private and valuable information. These attackers are master manipulators who use strategic techniques to get their hands on your passwords, bank information, and other personal credentials. These are serious threats and pose a real risk to your livelihood and that is why here at Xpert, we want to get you informed and up to date on what to do when presented by a social engineering threat.

There are 3 common social engineering methods that you should be aware of in order to keep your network secure.

1. Social engineering loves email

Social engineering is on the rise and takes a variety of forms — like malicious emails (phishing). These bad boys can take your computer and online identity for a ride, so it’s important to know how to spot one.

First, always review your emails. You might receive a message from someone claiming to be a new employee or from a familiar brand that wants to do business with you. But how can you know for sure?

“When something feels off, it probably is. But since the whole point of phishing (and it’s more tailored and targeted counterpart spear phishing) is to get you to do something without raising alarm bells, you need to practice skepticism even when things seem fine,” says Lily Hay Newman, writing for Wired magazine.

And remember, phishing doesn’t just happen inside the traditional inbox. Watch out for potential attackers on social media, too. Research suggests that in total, more than 5% of phishing attacks are associated with social media.

2. Social engineering exists outside your inbox 

Social engineering can happen to anyone at any time — and yes, anywhere. And if you think your industry is safe, think again. 

The sector that experienced the most phishing attacks in 2019 wasn’t banking or finance but Pharmaceutical Manufacturers, retail and eCommerce companies, and government institutions.

While many social engineering attacks originate via email, you can still become the victim of a scam elsewhere — over the phone, from an ad on a website, and even in person. 

“Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information,” says the United States Computer Emergency Readiness Team (US-CERT). “If an unknown individual claim to be from a legitimate organization, try to verify his or her identity directly with the company.”

3. Social engineering banks on broken procedures

That’s right. Social engineering is a master at manipulating internal policies and procedures. 

Instead of hacking your system, they simply learn your policies. Afterward, they exploit the weaknesses that exist within those policies and use them as their tool of deception. 

For example, let’s say a criminal knows it takes two executives to approve a vendor payment over a certain threshold. The criminal poses as a vendor learns the names of your executives and send an email to you (another executive). 

Within the email, it says that XYZ executive has already approved the payment, and now, they’re just waiting on your approval. To make you feel rushed, they throw the word “urgent” into the subject line. 

Without second-guessing the “urgent” request, you quickly grant approval and send over the payment. 

Whoops.

In this case, a bit of skepticism and a few extra minutes could have made this social engineering attack unsuccessful. Long story short, remain suspicious of everything online.

But of course, social engineering goes well beyond this. It’ll take a lot more than a suspicion to ward off this type of attack. Therefore it’s best to have a secure network that is monitored by Xperts.

Reach out today

This information can be a bit scary, really understanding how exposed you can be to these attacks. But we hope this also brings some confidence the next time you encounter one of these tactics because now you will be knowledgable on how to avoid these kinds of attacks. 

Contact us today at Xpert if you have any questions about your network security.