February 21, 2018 - Phishing, vishing (uses phone calls) and smishing (uses text messages) plus impersonation are the top four social engineering techniques used in more than half of the hack attacks these days. In this issue we're looking at what social engineering is, preventing attacks, your best defenses against these attacks and how to educate your employees about social engineering.
Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. That firewall won't mean much if your users are tricked into clicking on a malicious link they think came from a Facebook friend or LinkedIn connection. Or a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.
Social engineering attacks are not only becoming more common against enterprises and SMBs, but they're also increasingly sophisticated. With hackers devising ever-more clever methods for fooling employees and individuals into handing over valuable company data, enterprises must use due diligence in an effort to stay two steps ahead of cyber criminals.
Social engineering is nothing new. It's a tool of psychological manipulation that's been used since the dawn of man. Why? To influence people into taking action that might not be in their best interest. Sometimes it's fairly harmless, like a child sweet-talking his mom in order to get extra candy. Many times, however, social engineering is used for nefarious purposes. Social engineering taps into the human psyche by exploiting powerful emotions such as fear, urgency, curiosity, sympathy, or the strongest feels of them all: the desire for free stuff. Which is why cybercriminals have caught on.
Most people think that social engineering involves engineering the target, and convincing them to give up useful information. That's one way to do it, but it's not the only way. In fact, the most successful methods involve never letting your target know until it's too late. Don't get us wrong, hackers and data thieves are still interested in your passwords, it's just that in order to get at your data, there are far more effective ways to do it than trying to brute force your Google account.
Social-Engineer.org, a non-profit organization of security experts seeking to raise awareness of the data theft threat posed by social engineering techniques, showcased just how vulnerable businesses are through a contest it organized at the DEF CON 18 Hacking Conference. The web site released a report on the data generated by the contest last month, and spoke to eSecurityPlanet.com about some of the things you can do to secure your company against hackers employing social engineering techniques.
Nearly every person in your organization likes to think of him or herself as solid, dependable, and professional. So imagine how they would feel if they realized they'd been totally taken in by a scam artist. Now imagine that on top of being taken in, they'd allowed the scam artist to steal from or damage your organization.
Copyright (C) 2018 Attainium Corp - All rights reserved.