Social engineering is a way for criminals to manipulate people into giving them information that would make it easier for them to gain access to your building or IT  system. This can be anything from a survey on Facebook to a phone call with a crying baby in the background or an email from what appears to be your boss asking you to transfer money into an account urgently.

How can you guard against this?

It is all about knowing who and what to trust. If something feels slightly off then question it, ask for a number to call back on, always follow up an email with request for money with a call to the person it is purporting to come from, don’t answer any Facebook surveys that ask for the name of your pet or your birthplace, these are both common words used in passwords.

What do I look out for?

Emails that contain a link that you just have to check out–and because the link comes from a friend and you’re curious, you’ll trust the link and click–and be infected with malware so the criminal can take over your machine and collect your contacts info and deceive them just like you were deceived

Or a text message that contains a download of pictures, music, movie, document, etc., that has malicious software embedded. If you download–which you are likely to do since you think it is from your friend–you become infected. Now, the criminal has access to your machine, email account, social network accounts and contacts, and the attack spreads to everyone you know. And on, and on.

You could be asked to donate to a charitable fundraiser, or some other cause. Likely with instructions on how to send the money to the criminal. Preying on kindness and generosity, these phishers ask for aid or support for whatever disaster, political campaign, or charity is momentarily top-of-mind.

Top tips to prevent social engineering

1. Slow down. Even if you think it is urgent because of the tone of the request, take the time to question whether it is legitimate or no.
2. Research the facts. Always err on the side of caution, in this case guilty until proven innocent.
3. Don’t let a link be in control of where you land. Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.
4. Beware of any download. If you don’t know the sender, don’t click on it, if you do know the sender, send a separate email checking whether they have sent it.
5. Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
6. Set your spam filters to high. All good email software has a spam setting, setting it to high will ensure most phishing attempts are blocked.
7. Secure your computing devices. Make sure you have up-to-date antivirus and malware software on all your devices.
8. Attend a training course.  These are great for raising awareness and keeping the threat front and centre in your mind.

If you want to run a training course for your business or attend one of our workshops, get in touch.