Avoiding Social Engineering Attacks
In a social engineering attack, the cybercriminal uses human interaction to manipulate a person into disclosing information. And because people have a natural tendency to trust, social engineering attackers will attempt to exploit this in order to steal your information.
Cybercriminals use a variety of social engineering attacks in their efforts to steal information, including:
- Website spoofing
- Phishing emails
- Phishing phone calls
Once your sensitive information has been stolen, it can be used to commit fraud or identity theft.
UNDERSTANDING THE DANGERS OF PHISHING
From 2013 to 2016, businesses worldwide lost $5 billion to phishing, one of the most successful methods hackers use to access information such as email passwords, bank login information, and credit card numbers. Over 80% of companies have experienced a phishing attack according to a recent study by Accenture, which means your business and employees need to know what phishing attacks look like and how to deal with them.
Phishing happens when a hacker uses email or another form of communication to manipulate the receiver into clicking a malicious link or opening a dangerous file, which could result in the automatic download of malware or an employee entering their login credentials on a spoofed website. Phishing attacks are typically carried out through email, instant messaging, phone calls, and text messages (SMS). These attacks work because hackers prey on trust, using spoofed branding such as Microsoft, Amazon, FedEx, UPS, or banks. They also create urgency by playing on feelings of fear, sending emails that claim there was a complaint or grievance filed, a limited period of open enrollment, or some form of warning.
Prevention Tips
- Delete email, text, and social media messages that ask you to confirm or provide sensitive information. Legitimate companies don’t ask for sensitive information this way.
- Beware of visiting websites sent to you in an unsolicited message. Even if you feel the message is legitimate, type the address into your browser instead of clicking a link.
- Try to independently verify any details given in a message directly with the company.
- Use anti-phishing features available in your email client and/or web browser. Also, employ an email spam-filtering solution to help prevent phishing emails from being delivered.
- Do not open attachments from unknown senders, or unexpected attachments from known senders.
- Be cautious of the amount of personal data you publicize through social media and other methods.
As a business, you cannot fall victim to phishing attacks. They could lead to the loss of critical information, which both you and your clients can’t afford. There are a few precautions you can take as a company to ensure you are not the subject of a phishing attack:
- Make sure you have a security system that screens emails, catching attacks before they even reach your employees’ inboxes
- Use intelligent scanning, which is AI-trained to stop attacks in advance, adapting to new phishing methods as they evolve
- Have full-suite protection, which monitors file shares and more beyond just sent messages
RECOGNIZING CYBER THREATS
Cybercriminals are on the hunt for your sensitive personal information. Mobile financial services are frequently targeted, so remember to be on high alert for the following types of threats:
Social Engineering
Phishing is a social engineering tactic used to obtain personal information by masquerading as a trustworthy individual through electronic communications. Specific types include spoofing, SMiShing, and vishing.
Unsecured Wireless Networks
If you are able to access an internet network without entering a password or network key, unauthorized individuals can too. If you're on an unsecure wireless network , don't use your mobile device to transmit sensitive data.
Comprised Websites
If a website has a security error or your browser gives you a warning about the site, use caution. If you go to one web address and are redirected to anther, close your browser immediately and remember: When in doubt, don't click.
WHAT IS WEBSITE SPOOFING?
Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoofed websites are typically created to look exactly like a legitimate website that’s published by a trusted organization.
- Pay attention to website URLs: A site may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social media sites, pop-up windows, or non-trusted websites. These links can take you to a different website than their labels indicate. Typing an address into your browser is a safer alternative.
- Give sensitive information only to websites using a secure connection. Verify that the web address begins with “https://” (the “s” stands for “secure”) rather than just “http://”.
Get your hands on our plan.
Ready to get started? Download and print the complete Business Blueprint to keep, read and use as a continued resource.