Manipulating people into giving away security-related information is known as “social engineering.” Hackers make it their mission to get computer access or find out revealing information with psychological tricks on humans. Social engineering attacks are becoming extremely common against small and medium sized businesses and enterprises, with hackers learning how to outsmart employees into giving out valuable company data. IT departments must remain two steps ahead of these cyber criminals in order to avoid becoming the victim of a social engineering hack.
Examples of Social Engineering Hacks
A social engineering hacker looking for a credit card may call an unsuspecting person and say that their credit card has been flagged for unusual activity. To remove the hold on the account, they need to verify some information with you, such as your mother’s maiden name, your credit card number, and your address. To gain your confidence and make the whole phone call seem legitimate, the hacker will probably offer the most recent transaction and last four digits on your credit card – two pieces of information he or she can easily obtain from paperwork in your trash. Once you “verify” your card number and mother’s maiden name, the hacker can use the card to make purchases online or by phone.
A very common method of social engineering hacking involves phishing attacks and rogue websites that appear to be trusted companies. People click links in their email because the communication invoked urgency or fear of some sort, and then the link takes them to a website that looks familiar and trustworthy, where the individual unknowingly gives away payment information or access to private information on the device they’re using to criminals. For example, a hacker may send you an official-looking email with a link to your bank website. Once there, you have to enter your bank user ID and password. Since the website is not actually your bank, the hacker now has all he or she needs to access your real bank account.
Protecting against Social Engineering Hacks
In an organization that relies on email and the internet to complete your daily business activities, your risks for social engineering hacks are great. Humans are the weakest link and they need to be trained. Conduct bi-annual training for end users, IT staff, and managers, so everyone is aware of the most recent attacks. Training employees to recognize common tricks used by these hackers is key to preventing attacks against your organization, including but not limited to teaching them not to click links from within emails, no matter how official they seem. Some other protections include:
- Test employees with social engineering tests conducted by outside parties.
- Use a spam and virus email filter to block as many phishing exploits from reaching your internal servers as possible. In case they get through, also use an endpoint protection system to block malware.
- Get shredders for employees to use. Require that all employees shred confidential information rather than toss it in the recycle bin or trash.
People should never give out confidential information, or even information that seems non-confidential, about themselves or the company over the phone, over email, online, or in-person without first verifying the identity of the individual asking for the information and why they would need it.
Fidelus Technologies, based out of New York City is a Professional and Managed Information Technology Services company focused on customer success and business efficiency . Our services provide seamless networking, data center, wireless, security and unified communications expertise for medium and enterprise sized businesses. We have a consultative life cycle approach that includes requirements gathering, assessments, solution design, planning, project management, engineering, adoption and evolution (training) services to fully support the IT needs of your organization.
If you’re looking for more information on how Fidelus can help with your organizations technology please contact us here. To access our in-depth analysis on how IT teams across the country are using IT services and products within their organization click below.