What is Social Engineering?
Social engineering tactics are among the most common types of cyber threats small businesses face today. They are fast, effective, and cannot be stopped with technology alone. Social engineering is defined as the act of using human interaction and manipulation to obtain confidential information about a person, an organization, or its IT systems.
Social engineering relies heavily on information gathering. A simple online search and a review of social media accounts are just some of the ways hackers gather information. Successful social engineering tactics often rely on:
- Human emotion
Common Social Engineering Tactics
Three of the most common social engineering tactics are phishing, voice phishing (also known as vishing), and spear-phishing.
Phishing: The process of gaining sensitive information via email by pretending to be a reputable source. An example of phishing would be receiving an email that looks like it came from your bank and asks you to update your online account details by clicking a malicious link, so that you give away your sensitive information.
25% of all data breaches involve phishing. -Verizon
Voice Phishing (Vishing): Uses a phone conversation to gather sensitive information. An example of vishing would be someone calling and pretending to be from the Canada Revenue Agency to collect money from you.
Spear Phishing: A targeted attempt, usually via email, to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons.
How to Avoid These Attacks:
Verify: Call back or email the sender to verify their authenticity, but do so by searching for them online and getting an email address or phone number directly from their website.
Slow Down and Be Vigilant: Hackers will always try to convince you that you need to urgently respond to their request. If asked to disclose sensitive information, STOP and ask yourself, “Do I really know who is making this request?” When you don’t feel comfortable providing information, don’t.
Report Suspicious Activity: You should adhere to the security policies and procedures at your organization and report suspicious behavior to the appropriate staff.
Social engineering threats impact organizations of all sizes. Such threats cannot be stopped with technology alone. When it comes to social engineering attacks, you are the first line of defense to protect your organization.
How a Managed Service Provider (MSP) Can Help
- Cybersecurity Awareness Training
- Simulated email phishing campaigns
- Multi-layered Managed Security Services
- Microsoft Defender for Office 365
- DKIM/DMARC (security protocols for email)
An MSP can help you implement security solutions to protect your business and help foster a solid security culture within your organization. To learn more about our Managed Security Services, visit: https://yournucleus.ca/services/cybersecurity-services/ or reach out to us.