Beware For These 4 Social Engineering Tactics
Social engineering is the most common tactic used by cyber criminals to perform cyber attacks on businesses. Social engineering exploits human Psychology rather than technical hacking techniques to gain unauthorised access to business systems, finances and sensitive data.
Employees are targeted most by social engineering tactics because they are seen as an easy way in. This is why regular employee training is vital, this means your employees will be well trained on recognising and avoiding potential cyber threats.
A well trained team is a wise team, and a wise team makes a strong business.
This article states the 4 most commonly used social engineering tactics used by cyber criminals.
1. Phishing Attacks
Phishing is the most common social engineering attack. It involves sending fraudulent emails that resemble those from reputable sources to steal sensitive data like credit card numbers and login credentials.
They are even more convincing due to cyber criminals now using AI.
The Signs Of Phishing Attacks
- Misspelled domain names
- Public Domains
- Bad Grammar & Spelling
- Sense Of Urgency
- Suspicious Links/Attachments
Check out our phishing awareness blog for more on phishing and measures your business can put in place.
2. Pretexting
Pretexting increases the chance of a phishing tack being successful.
Here, the cyber-criminal obtains information through a series of cleverly crafted lies. The scam is often carried out by the criminal pretending to need sensitive information from an employee to perform a critical task.
They will often pretend to be the managing director or someone else high up in the business, this can be believable for employees who are not trained to recognise fraudulent cyber tactics and attacks.
If an employee falls victim and is compromised, their accounts will then be used by the cyber criminal for further pretexting attacks through spear phishing.
Spear Phishing is when many victims are targeted in bulk.
3. Quid Pro Quo
Quid Pro Quo scams are engineered to appear as if they are coming from a trusted source and look as if it’s a transaction/service the target victim was looking for.
The target may receive an email or a phone call which offers to solve a problem, but in order to access the solution offered, the target victim will be required to provide information such as log in credentials or money.
The attack might not be visible at first but this would open the door to a larger scale cyber-attack.
4. Scareware
A Scareware attack bombards targeted victims with false alarms of their computer system being infected with malware. They will then be prompted to install malicious software.
Scareware is also known as; fraud ware, deception software and rogue scanner software.
Scareware often comes in the form of pop up banners which look realistic. These banner ads can pop up while the user is surfing the web.
Another way of distributing Scareware is through spam emails which include bogus warnings or encourage the target victim to purchase a harmful service.
How Innovec Can Help You
Businesses must educate their employees about these tactics and encourage a culture of cyber security awareness. After all, the best firewall is a well-informed human.
We can apply the following solutions to help mitigate the social engineering tactics above.
- Add a professional spam filter such as ProofPoint or Spam Titan – this will help filter out more of these types of attacks by intelligently looking through the content of the incoming e-mail
- Add a notification to all externally received e-mails – this will highlight to all users that the e-mail is from an external source and not from “the boss”
- End user education – we can provide cyber security training, and also send out test e-mails to your employees to help educate with real-world examples
If you could benefit from any of the help above, get in touch with our Innovec team. We will be happy to arrange a 10 minute call at a time which suits you, for a chat about how we can help and offer some advice.