A social engineering attack involves an attacker who takes advantage of social norms to gain access to an organization’s data. Hackers who implement such attacks can disguise themselves as a trustworthy source to build rapport with company employees. Once the attacker has made a connection, they will try to extract confidential company information to compromise and potentially cripple the business. Possible disguises include impersonating a new employee, an outside contractor for the business or a researcher.
There are several different types of social engineering attacks:
Phishing attacks impersonate reputable organizations such as banks, government institutions, etc. to trick users of a company into sharing their personal or financial information or company information, or into downloading malicious software that gives the attacker access to that data. Victims may also be redirected to fraudulent websites that are designed to scam people.
Vishing attacks use voice communication as a means to cheat individuals and organizations. This form of social engineering attack can be combined with other types of cyber-attacks that prompt the victim to call a certain number and then share confidential information. With the evolution of Voice over Internet Protocol (VoIP) phone systems, hackers find it easy to mask their identity and in turn take advantage of vulnerable users.
If you find yourself in a situation where a person requests confidential information over the phone, confirm the caller's identity or reach out to the organization directly to confirm the authenticity of the call. THINK TWICE BEFORE SHARING YOUR PERSONAL INFORMATION.
Smishing, a form of social engineering attack, uses messaging channels such as text messages or SMS to gain access to sensitive information. Such messages normally contain links to fraudulent websites or bogus numbers designed to trick individuals into giving up their personal information.
- Always confirm the identity of the person if faced with a request for confidential information.
- Never reveal sensitive information over email.
- Always check the security posture of a website before sharing sensitive information.
- When in doubt about an email request, contact the company directly to confirm the identity of the sender.
- Ensure your organization has managed anti-virus, firewall and spam management as a bare minimum to safeguard against such threats.
Triella can help your firm implement the security protocols to stay protected from such scams. Call us now to get started!
Faraz Mehmood is a Sales & Marketing Coordinator at Triella. We are a technology consulting company specializing in providing technology audits, planning advice, project management and other CIO-related services to small and medium-sized firms. Faraz can be reached at 647.426.1004. For additional articles, go to our blog page. Triella is a VMware Professional Partner, Microsoft Certified Partner, Citrix Solution Advisor – Silver, Dell Preferred Partner, Authorized Worldox Reseller and a Webroot Reseller.
© 2019 by Triella Corp. All rights reserved. Reproduction with credit is permitted.