We often hear about a common type of hacker, who can access networks or computer systems externally with a certain level of technical expertise, but what about those who can access your systems, without hacking, because you have given them your information yourself?
What is social engineering?
According to the Oxford English Dictionary: “social engineering is the use of centralised planning in an attempt to manage social change and regulate the future development and behaviour of a society. In the context of information security it is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”
Despite being largely under-reported, social engineering is a much easier way to exploit victims and the aftermath can often be even more damaging than traditional hacking methods. For example, it is much easier to fool someone into handing over their passwords than it is to try and hack them.
What are some of the common signs to look out for?
Phishing emails are one of the most common types of social engineering and easily identifiable as they usually contain strange-looking links or an attachment. They often convey a sense of urgency and may contain a number of spelling or grammar errors. It is recommended to double check any emails like these and think twice before opening any links or attachments, as these could allow malware to be downloaded onto your device in an effort to encrypt your files and then demand a ransom for their release.
Another common characteristic of social engineering is pretexting. This is when hackers attempt to create trust with you through a pretext, or background information, that they have sourced prior to meeting or calling you. This can be done via a number of methods, from social media pages to pre-planned phone calls and text messages. Be on your guard and try not to give detailed information on social media. Your social profiles are potentially a mine of useful information for a hacker: facts including your date of birth, job and place of work – even your mother’s maiden name and pet’s name – are traceable in just a few clicks.
What can you do to prevent social engineering?
A security chain is only as strong as the weakest link – in most cases, this weakest link can be you and me! It doesn’t matter how many locks you apply to systems: if someone accepts a person or scenario at face value without checking for legitimacy, then you are exposed to risk.
Here are a few tips to help:
- Think first and act later – even if fraudsters want you to do the opposite.
- Do your research; it does no harm to be a bit over-suspicious.
- Remember the basics: most organisations will not ask you for personal details, so if you are asked to reply to a message with such information, it’s likely to be a scam.
- Never click any suspicious links or download any attachments if you are not sure of the source.
- Out of office messages – have a detailed internal one and bland external one. If hackers know you are out of the office, they can begin to build a picture of your movements.
Finally, remember to set a strong password – if it is 6-10 letters and numbers somehow personal to you, then it will only take a decent computer a few seconds to crack. Use a format something like !19petEdaVeStan62!, which is three non-personal four-letter words, capitalised, with a split meaningful date year, plus a symbol at each end. This will be much harder to crack – in fact it could take up to three years.
If you would like any further advice relating to counter fraud for your business, contact Wilkins Kennedy to see how we can help.