What is social engineering?

Social engineering is one of the most significant security threats facing businesses today, and unfortunately it’s becoming more common and sophisticated. This means businesses need to be savvy in how they identify social engineering and embed organisation-wide processes to prevent it.

Basically, social engineering is like a modern-day con artist. Cybercriminals use deception to manipulate people and businesses into voluntarily providing personal and confidential information that is then used for fraudulent purposes.

It is set apart from traditional hacking, mainly due to the human interaction component, which makes it harder to avoid. It isn’t as technical as some other forms of cyber scams and does not necessarily entail systems or software being compromised.

How can it affect you?

The diversity and sophistication of the methods used, and the nature of the information unknowingly handed over can have significant impacts on business continuity.

Here are the five main types of social engineering to look out for.

  1. Phishing is the most common mode of social engineering that is usually delivered as an email, chat, web ad or website that has been developed to imitate a real organisation. Messages often say the recipient has won a prize and then request bank details to deposit the winnings.
  2. Baiting involves offering something to pique the interest of the recipient in exchange for their log in details or confidential information. It could be a movie download, and once the bait is downloaded, malware is placed on the user’s system.
  3. Quid Pro Quo is similar to baiting but the request here is for login details/sensitive data in exchange for a service.
  4. Pretexting creates a false sense of trust with the user by impersonating someone known to them, like a co-worker and then asks to gain access to login details.
  5. Piggybacking is often referred to as ‘tailgating’. This is where a cyber-criminal physically follows someone into a restricted area or system. A common example is when a hacker says they have forgotten their work identification card and requests for an employee to hold the door open for them.

How can you avoid being a victim of social engineering?

Some other simple measures you can put in place:

  1. Install the latest anti-virus software, firewalls and email filters. Having up-to-date email software will also help to filter out junk mail, including scams. Spam filters should be set high to eliminate as much junk mail as possible.
  2. Educate your staff about what social engineering is and how to identify suspicious emails and requests. For example, they should know that foreign offers are fake, so if they receive an email saying they have won a foreign lottery it is guaranteed to be a scam.
  3. Introduce and monitor relevant policies and procedures so that all staff in your organisation know the appropriate protocols when it comes to opening and actioning emails and correspondence from unknown recipients. Put rules in place around sharing personal information.

Note: This is a general guide only.

Insurance is critical. It protects you against any losses and mitigates risk to any disruptions your business may face. Abacus can work with you to customise a package to suit you and your business through PSC Hiscock Insurance Brokers.

 

Sources

AFTA

Digital Guardian

Imperva

Norton