With social engineering exploits on the rise, now is a good time to stay ahead of threats and attackers’ tricks, keep your personal and sensitive data safe and stop unlawful entry into your organization. Bad actors are always looking for the easiest vulnerability they can exploit. When it’s too difficult or time-consuming to hack into an organization, they can get the job done by abusing someone’s trust or manipulating their feelings. This is where social engineering comes in. Attackers use this technique to dupe victims into giving them confidential data, such as passwords or banking information, so they can accomplish their goals with ease.
There’s a close link between social engineering and cybersecurity. By better understanding how social engineering takes place, you can protect yourself from these sneaky attacks and help keep your organization safe. Here are a few tips to share that will help keep you from falling victim to this kind of online manipulation:
Be suspicious of unsolicited messages. If you receive a message that you were not expecting, your “spidey senses” should go on the alert right away. Be wary, even if the message looks legitimate at first glance. Similar to figuring out whether to answer an incoming call from an unknown number, ask yourself why this person is contacting you and what they want.
Never use the contact information in a suspicious message. If you receive a potentially suspicious message, contact the presumed sender using information you’ve looked up independently (i.e., don’t use any contact information in the message itself) to make sure they actually sent the message.
Don’t assume your favorite apps are safe. Attackers know you’re more likely to be vigilant about phishing emails, which is why they’re increasingly trying to reach you via the apps and sites you trust. Have you received a text message recently about a problem with your PayPal or Facebook account? Attackers know they have a better chance of catching you with your guard down on social media, as well.
Don’t assume your business communications are safe. If you receive an email from a coworker that looks off, listen to your instincts. Reach out to that coworker using another method of communication, such as a phone call or text, and make sure they actually sent you that message. With the advent of AI and deepfake audio, suspicious communications are worth taking the time to validate.
Be stingy about sharing personal information online. Know that cybercriminals happily harvest your comments on LinkedIn or Facebook memes, so they can then use your personal information to steal your identity or break into one of your accounts later on. They also scrape your public social media posts for morsels of information they can use in a future phishing attack to gain your trust or the trust of someone you know. Have you ever seen a Facebook post asking followers what year they were born?
Think before you act. Knee-jerk reactions and urgency are an attacker’s best friend. If there’s an urgency to act, that should raise a red flag. Attackers know if they can get a quick emotional reaction from their victim, they have a better chance to succeed in their malicious actions than if their subject is cautious and thinks through the requested action.
Never click a link in a suspicious email. Clicking on an attacker-planted link in an email can trigger a Trojan or malicious download on your machine. Often, you can mouse over a link to discover something’s not right, but even these URLs can be cleverly disguised. If you feel you must access a site, open a new browser and go directly to the site to help ensure you are keeping your data and your organization safe.
Protect systems on your home network. Many of us work from home full- or part-time and have family members’ systems on our home network. You may feel like your corporate computer is protected, but you should check the rest of your systems. A clever attacker may try to access these more vulnerable systems to more easily access yours. They may also be building a persona profile to better understand where you might let your guard down. Have you ever seen what looks like a child’s sports team email come to your workplace or received a registration email from a summer trip you are considering? Vigorously protecting these home systems with patching and anti-virus protection will go a long way.
We must be ever-vigilant with our personal and sensitive data. The tips above should help you take preventative steps to keep your information secure.