We’ve all experienced spam or phishing emails that attempt to get you to reveal your personal information to a malicious attacker. However, there are ever more sophisticated attacks that you may not recognise so readily. All of these styles of attack are known collectively as ‘social engineering’.
Social engineering involves sophisticated methods to manipulate you into doing something you should not do, like revealing your password or propagating a virus. It’s basically a bigger, more inclusive term for attacks like spam and phishing as well as other methods for breaching an organisation’s security. Technology will not protect people from these types of attack, as they prey on human weakness rather than technical weakness.
Examples of social engineering other than spam or phishing can include:
- Baiting: an attacker leaves a USB drive to be found that will spread a malicious virus when a person plugs it into their computer.
- Pretexting / bohoing: an attacker will actually call a person through their company’s switchboard so caller ID makes it appear they are part of that organisation, lending legitimacy to their request that a password be revealed.
- Mind games: an attacker may call you claiming they are responding to a question you had raised or a survey you had completed.
- Tailgating: an attacker may claim they have forgotten their pass or simply walk in behind you to gain access to a secure area.
How can you protect yourself and keep your info secure?
- Essentially, have a great password and never share it with anyone. Choose a strong password and keep it safe.
- Don’t respond to emails, links or calls that require you to share your personal information. Check out our article on Phishing.
- Don’t use an unprotected computer or unprotected wi-fi.
- Don’t install unauthorised programs on your computer.
- Don’t leave sensitive hardcopy documents out in plain sight in your work area.
- Keep your laptop and smartphone physically secure.
- Don’t connect unknown devices, like USB drives, smartphones or mp3 players to your computer.
- Stay alert and report suspicious activity to Service Desk.