Objective: How to spot and stop social engineering attacks, such as those that happen over the email or the phone.
A common misconception most people have about cyber attackers is that they use only highly advanced tools and techniques to hack into people’s computers or accounts. This is simply not true.
Cyber attackers have learned that often the easiest way to steal your information, hack your accounts, or infect your systems is to simply trick you into making a mistake by using a method called social engineering.
Social engineering is when a cyber attacker pretends to be someone or something you know or trust, such as your bank, a co-worker, or a tech support company, and then uses that trust to get what they want, usually by just asking for it.
Cyber attackers can launch a social engineering attack using a variety of different methods, including email, instant messaging, over the phone, or in person. They use numerous tricks to get your attention, such as offering free downloads, announcing that you won a contest, or pretending that your computer is infected. In addition, these attacks often appear to be legitimate, such as including an official logo or a formal signature. Their goal is to get you to share information, (like your password) or take a specific action, (like opening an infected email attachment).
You can help to protect yourself, your family and your business by recognising social engineering attacks before they happen. The simplest way to defend against social engineering attacks is to use common sense. If something seems suspicious or does not feel right, it may be an attack.
Some common indicators of a social engineering attack include:
- Resist the Rush – Social engineers often create a tremendous sense of urgency, such as telling you there is a tight deadline, to trick you into making a mistake. If someone pressures you to bypass or ignore our policies, it is most likely an attack.
- Recognise the ‘Bag of Tricks’ – Social engineers use emotions, such as fear, intimidation, curiosity, or excitement, to get you to do what they want. If something sounds suspicious or too good to be true, it probably is.
- Think Before You Click – Social engineers want you to carelessly click on links and not think twice before opening attachments. Be cautious: one wrong move could infect your device and spread it to others.
- Don’t Just Download It or Plug It In – Social engineers count on you to download unapproved software or plug in infected USB drives or external devices. Only use authorised hardware and software. If you are not sure if something is authorised, just ask.
- Ask Questions, and If It Feels Odd or Suspicious – If you suspect someone is trying to make you the victim of a social engineering attack, do not communicate with the person anymore. Simply hang up the phone or ignore the message and contact the help desk or information security team right away.
[su_note]Please contact our ARANKISH team, if you need any further assistance. Stay Safe and Secure!![/su_note]