In social engineering, cyber attackers manipulate or trick people through social interactions into breaking your security protocols. They use human psychology instead of technical methods to gain access to your networks and systems. Here’s what you need to know about social engineering hacks, and how Cyber Underwriters can help.
Baiting – Cyber attackers ‘dangle bait’ to entice their target to act.
Phishing – Cyber attackers send fraudulent texts or emails to their target in hopes they will unwittingly divulge information.
Pretexting – Cyber attackers fabricate information (or a story) that attracts attention. Then, they try to trick their target into providing them with something of value.
Quid Pro Quo – This type of social engineering hacking involves an exchange. Cyber attackers make the victim feel that it is a fair exchange, but it’s not.
Spear Phishing – Cyber attackers target a specific organization or person and use their personal information to appear more legitimate. Then, they trick their targets into divulging information or granting them access to sensitive data.
Tailgating – This physical type of social engineering happens when an unauthorized person follows an authorized person to a secure location. The goal of tailgating is to either obtain confidential information or valuables.
Research – Cyber attackers find your personal information; often through social media.
Contact – Once they have your information, cyber attackers use it to contact their target and gain their trust.
Attack – When a cyber attacker gets the information they want, they can access your systems, steal your data, and use it to assist them in additional attacks.
Now that you know more about the types and phases of social engineering, you need to do what you can to minimize your risk. Always delete requests for personal information or passwords. Reject any offers for ‘help,’ and make sure you set your spam filters too high. You also want to secure your devices with updated anti-virus software to ensure you are protected.
Social engineering is more common than you may think, and it is often successful even when you are taking the necessary precautions. Cyber Underwriters provides the following services to make your social engineering toolkit complete:
Click Tracker – We send emails to your employees then check to see who clicks on the fraudulent link.
Credential Stealer – We send emails to your employees. Then, we not only see who clicks on the fraudulent link, but we also can tell who enters their credentials on a fake website.
Document Open – We send emails to your employees that contains a modified Word, Excel, or PowerPoint document. Once opened, this document attempts to load an image from Altus servers for tracking purposes.
Marco Enable – We send emails to your employees that contain an Excel document with a macro that will execute if your employee clicks ‘Enable Marco.’ Many cyber attackers attempt to use macros to gain access to corporate networks.
USB Drop – We leave USB devices around your office that contain (safe) executable files or documents to see if your employees will try to use them. Then, we work with your IT team to uncover users that plugged the USBs into their computers and opened files.
Cyber Underwriters is here to help minimize your risk of becoming a social engineering victim. Contact us today for more information.