Social Engineering is a tactic used by hackers to manipulate human behaviours in order to gain access to your computer or data assets.
IT software and security have improved recently, making it harder for someone to gain access through a computer's weak spot. Hackers have adapted to this by taking a different path to a breach: manipulating our natural human instincts, desires and behaviours.
These attacks are becoming more and more common, as it takes less technical skill to trick someone into an action than to compromise a company's or individual's network and security.
Today most successful cyber-attacks occur with some level of human interaction, using tactics such as phishing emails. This may appear as an email from a company like Australia Post regarding a package delivery. When you click the link to find out more, malware or a virus is installed on your computer.
Hackers can even make a physical appearance at public Wi-Fi areas like food courts to gain access to less secure data.
Social Engineering may also involve scanning your social media. By using your likes and dislikes, attackers tempt you with a message that appears to come from something you are interested in, or from a company or cause you resonate with.
Tips to avoid becoming a victim of a social engineering attack
As a social engineering attack relies on that human input, being educated and aware of threats can greatly reduce the chances of falling victim.
1. Slow Down
Take the time to review details in an email. Look for mistakes in the email address or URL. For example, instead of firstname.lastname@example.org an attack may appear as email@example.com. This is known as email domain spoofing. Look for mistakes in grammar and spelling too; the extra few seconds you take can save you money and heartache.
2. Too good to be true? It probably is…
It may be an offer of a large money transfer to your account from another country if you just send a small amount to the sender. Maybe it is a special gift from an online site for a product if you just click this link… If it seems too good to be true, it probably is.
3. Check before you click
Before you open that email link or URL, hover your mouse over the link to see the end destination. If it does not look legitimate, delete the email and report it to your IT team. Where possible, type the URL into your web browser instead of clicking the link.
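The hover check in tip 3 and the misspelled-domain check in tip 1 can also be automated, for instance by an IT team triaging a reported message. The following is an added example, not part of the original article; the trusted-domain list, the sample e-mail body and all function names are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("auspost.example", "mybank.example")  # assumed allow-list, placeholder domains
SAMPLE = ('<a href="https://auspost.example/track/123">Track here</a>'  # constructed body
          '<a href="http://auspost.example.parcel-fees.test/pay">https://auspost.example/pay</a>'
          '<a href="https://auspostt.example/redeliver">Arrange redelivery</a>')

def host_of(text):  # hostname of a URL or bare host/path string, '' if none
    try:
        url = ("" if "://" in text else "//") + text.strip()
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL
        return ""

def imitates(host):
    """Trusted domain that `host` resembles without belonging to it, else None."""
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return None
    return next((t for t in TRUSTED if t.split(".")[0] in host  # brand embedded
                 or SequenceMatcher(None, host, t).ratio() >= 0.85), None)  # near spelling

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return (href, reason) for each link whose real destination looks wrong."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for text, href in parser.links:
        real = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and real and shown != real:  # what hovering would reveal
            findings.append((href, f"text shows {shown} but link goes to {real}"))
        elif real and imitates(real):
            findings.append((href, f"{real} imitates {imitates(real)}"))
    return findings
```

Calling `audit_links(SAMPLE)` flags the second and third links and leaves the genuine one alone; `imitates()` can be applied to the domain part of a sender address in the same way.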
4. Beware of any links to downloads
If you don’t know who has sent you a file or download, be cautious. Even if it appears to have come from a friend or co-worker, if it seems unusual, reach out to the contact through a different medium (a phone call or message) to check its legitimacy.
5. Beware of “act now” emails
Emails or messages requesting information or a response immediately should ring alarm bells. This is one way social engineering plays on human nature, by making you feel like you need to address the email now or else…
6. Protect your computer
Ensure you have the latest antivirus and email protection installed on your computer and devices, and keep your spam filtering set to high. We recommend setting your computer to update automatically. This applies to your mobile devices too, if you are checking emails on them. Use a good password system and 2FA to ensure your accounts are protected.
7. Don’t share banking credentials or passwords over email
Banks will never ask you for your bank details or ask you to update a password through an email. Most importantly, if you see an email like this, delete it. Always go directly through your banking institution's website. This also applies to handing over personal information over the phone.
8. Be aware of what information you share on unsecured networks
When at your favourite coffee shop or shopping centre, beware of accessing the public Wi-Fi. If you can, use your 4G data or, if you have your own personal VPN, use this to help add a layer of security.
Above all, avoid using websites that contain your personal information such as banking and social media when on a public network.
9. Be mindful of what polls and games you play on social media
Social media can be a great way to engage with family and friends; however, hackers take advantage of this by creating polls and games to find out things like pet names, favourite holidays and cities you have visited or were born in. Do these sound familiar? That’s because they are usually common passwords or security questions.
Check your security levels on your social media accounts and be cautious of messages sent with links you are unfamiliar with, even from friends.
What do I do if I fall victim?
With just the little bit of knowledge you now have, hopefully you will be able to take the time to spot a threat. Even after all the precautions, there is still a chance you fall victim. If you do, notify your IT team immediately and change your passwords, then close any open applications.
The problem is social engineering is difficult to stop. A lot of these attacks look legitimate and real. They even use the same templates and designs you see on a legitimate website. Attackers rely on people ultimately being complacent and not taking the time or precautions to avoid their traps.
Education about what threats exist, and having the right processes and compliance in place, is essential to mitigating risk for you and your company. This can be done with Cyber Security Training, including awareness videos and simulations.
Finally, ensure you back up your data as a final layer of protection, both physical and cloud based if possible.