Social Engineering: Understanding the Importance of Cybersecurity
Email is not what it once was. In the past, we could receive an email from friends and family and not hesitate to open it. The joy of receiving an email from a loved one quickly turned into urgency as you raced to open it and see what they wrote. That feeling of trust and joy is exactly what internet hackers are now trying to exploit through social engineering.
Social engineering is a technique used to manipulate individuals into giving up valuable information. There are several different techniques used to obtain information: these include emails, personal contacts and phone calls. As if cluttered inboxes, anti-virus pop-ups and spam filters were not enough, we now should inspect with caution every single email, phone call and person that we come across every day.
Over time, security equipment like firewalls and routers has become very sophisticated and difficult to hack. Rather than trying to break through these devices to get the data they are searching for, hackers have found an easier way to get information: going after the individual or employee. Targeting our impulses and understanding the psychology of a busy worker has proven to be a much more lucrative venture for these cybercriminals.
One of the most common and sophisticated social engineering techniques is called phishing. In this strategy, a hacker will dress up an email to look like it is something that is expected by the recipient. An example may be an email coming from your IT department asking you to change your password. There will almost always be red flags within the email, but to the untrained eye these details may not be so obvious.
Here are some red flags to look for:
- Any email that asks you to click a link to update your password, login or credit card number
- Misspellings in email addresses or company names
- Bad grammar or email structure
- Mismatching links. For example, an email that seems to come from a reputable company, but whose link tries to send you to a different website. You can hover over the link to view it, but do not click!
- An email from what appears to be your IT department, with a valid company logo, asking you without prior notice to update your password through a link
- An unexpected email from a verified source or client who sent you a file or a "click here" link
This is obviously not a complete list, but it will help you determine patterns to look for and avoid clicking on a link with the potential to cause a data leak or breach.
Other Types of Social Engineering Attacks
There are several other tactics that are used that may not be as common as phishing, but we should still be aware of them. These are just as dangerous and will result in the same type of breach as email phishing.
Voice Phishing (Vishing) – A phone call is made that may appear to be from your bank or credit card company asking you to confirm your information to update your records on file. An unsuspecting victim could potentially give up personal information and become a victim of identity theft.
SMS Phishing (Smishing) – Like email, an SMS or text message can be sent to your phone asking you to either click on a link or respond with personal or business information.
Physical Breach – A person could appear in person and pose as an employee or contractor to gain access to unauthorized areas or information.
"Human firewall" is a term for the individuals who form a line of defense against security threats. An organization needs a commitment from its staff to follow best practices to prevent a social engineering attack from happening. The more employees you have committed to being part of the human firewall, the stronger it gets. As an organization, you will need to make sure staff has adequate training and is properly equipped to help combat these hackers. By being aware, careful and knowledgeable, each individual can be an extra layer of security, not only for their own personal information but for the organization they work for as well.