A 2017 Verizon study found that 43 percent of the breaches it analyzed involved social engineering. One of the most unsettling things about this class of attack is that it targets people rather than software: firewalls, antivirus and other security products cannot guarantee protection against it.
What is Social Engineering?
Social engineering refers to attacks in which an adversary gains a victim's trust and then exploits it. The attacker typically impersonates a legitimate source, such as a coworker or a bank, to persuade the victim to hand over sensitive information or to take some action on the attacker's behalf.
Common social engineering scams include:
- Phishing. A phishing attack is a spoofed email that appears to come from a legitimate sender but carries a malicious link or attachment. Opening the attachment can infect the victim's computer; following the link usually leads to a look-alike login page that harvests the victim's credentials.
- Spear phishing. Spear phishing is phishing tailored to a specific individual or organization. The message includes personal details about the target so that it looks authentic.
- Scareware. Scareware convinces the victim that their computer is already infected with malware. The attacker then offers a "fix", and it is that download which actually infects the machine.
- Pretexting. Pretexting is a fabricated story used to extract sensitive data. For example, the attacker may pose as a bank representative who needs the company's credit card details in order to "verify" some purchases.
4 Ways to Avoid and Manage Social Engineering Scams
1. Think before you Act
Social engineering works because it creates a sense of urgency that pushes the victim to act before thinking. An email claiming that a $10,000 charge has just hit your company credit card, and that the sender needs all of your account details to investigate it, is designed to trigger an immediate response.
So when you receive an unexpected request for sensitive information, pause. A moment's reflection is often enough to recognize a scam: a legitimate credit card company will not ask you to email your full card number, PIN or password, and the IRS does not initiate contact by email or phone to ask for your Social Security number. Verify the request through a channel you already trust, such as the phone number printed on your card, rather than the contact details in the message. Think before you act.
2. Beware of Unsolicited Emails
Treat any unsolicited email with suspicion. Fraudulent messages often contain misspellings, offers that sound too good to be true, or threats that your account will be closed. Check that the sender's actual address, not just the display name, matches the organization it claims to come from, and hover over links to see where they really lead before clicking.
Be especially cautious about clicking a link or opening an attachment in an unsolicited email. That one click can be all it takes to infect your computer with malware or hand your credentials to an attacker.
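Several of the checks described above can be automated before a human ever reads the message. The script below is an added example for this article, not code from the original page or from Verizon: it uses only the Python standard library to triage a raw email for the red flags just described (a display name that claims a domain other than the real sender's, a Reply-To or Return-Path that leads elsewhere, link text that disagrees with the real target, pressure language, and risky attachment types). The sample message, every domain in it, and the phrase and extension lists are constructed for the example and are illustrative assumptions, not an authoritative blocklist.

```python
"""Heuristic triage of a suspicious email using only the standard library.

Reports the red flags a social-engineering email tends to show. These are
heuristics only: an empty report is not proof that a message is safe.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Pressure phrases and attachment types to flag (constructed lists for this example).
URGENCY_PHRASES = ("immediately", "within 24 hours", "account will be closed",
                   "suspended", "verify your account", "unauthorized charge")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".iso", ".zip")
DOMAIN_RE = re.compile(r"[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}", re.I)
URL_LIKE_RE = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}(?:/\S*)?", re.I)
# A simple regex is enough to pull (href, visible text) out of anchors for triage;
# a production tool would use a real HTML parser.
ANCHOR_RE = re.compile(r'<a\b[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def _domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To style header."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def _host(url):
    """Host of a URL, or of bare text that merely looks like one."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def analyze_email(raw):
    """Return a list of 'tag: detail' findings for a raw RFC 5322 message (bytes)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    from_header = str(msg.get("From", ""))
    from_domain = _domain(from_header)
    # 1. The display name names a domain that is not the real sending domain.
    for claimed in DOMAIN_RE.findall(parseaddr(from_header)[0]):
        if claimed.lower() != from_domain:
            findings.append(f"display-name: claims {claimed} but sender is {from_domain}")
    # 2. Replies or bounces would go somewhere other than the sender's domain.
    for hdr in ("Reply-To", "Return-Path"):
        other = _domain(msg.get(hdr, ""))
        if other and other != from_domain:
            findings.append(f"{hdr.lower()}: {other} differs from sender {from_domain}")
    # 3. Visible link text shows one site while the href goes to another.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    for href, shown in ANCHOR_RE.findall(text):
        shown = re.sub(r"<[^>]+>", "", shown).strip()
        if URL_LIKE_RE.fullmatch(shown) and _host(shown) != _host(href):
            findings.append(f"link: text shows {_host(shown)} but points to {_host(href)}")
    # 4. Pressure language in the subject or the tag-stripped body.
    haystack = (str(msg.get("Subject", "")) + " " + re.sub(r"<[^>]+>", " ", text)).lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        findings.append("urgency: " + ", ".join(hits))
    # 5. Attachments that can run code; a double extension is a classic disguise.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment: {name} has a risky extension")
    return findings


# Constructed sample message for the example; every domain here is fictional.
SAMPLE_EMAIL = b"""\
From: "alerts@acmebank.example" <notice@acmebank-secure-login.example>
Reply-To: recovery@mailbox-relay.example
To: victim@corp.example
Subject: Unauthorized charge of $10,000 on your company card
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>A charge of $10,000 was made on your card. Confirm your details
<b>immediately</b> or your account will be closed.</p>
<p><a href="http://acmebank-secure-login.example/verify">https://www.acmebank.example/secure</a></p>

--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"

MZ
--b1--
"""

if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_EMAIL):
        print(finding)
```

To run it on a real message, save the email as a `.eml` file and pass its bytes to `analyze_email`. A clean report only means that none of these particular heuristics fired; a mail gateway should additionally check SPF, DKIM and DMARC results, which this script does not attempt, and none of it replaces a reader who pauses before clicking.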
3. Run a Penetration Test
A penetration test is an authorized, simulated attack on your own organization that shows how much damage a real attacker could do. When the engagement includes a social-engineering component, such as a controlled phishing campaign, you learn how well employees recognize scams and whether they report them, which tells you exactly where training is needed.
4. Keep your Software Updated
Antivirus software cannot guarantee protection against social engineering, but up-to-date software limits the damage a successful scam can do: a malicious attachment or link often relies on a known vulnerability that the vendor has already patched. Keep operating systems, browsers and applications current so that those exploits fail even if someone does click.
Any time you suspect someone is trying to scam you, contact your IT or security team before you respond, and do not reply to the message or use the contact details it provides. It's always better to be safe than sorry!