So, what is Social Engineering? Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your business computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal entree. Phishing, spear-phishing, and CEO Fraud are all examples. In another blog, we dive deeper into Phishing and how you can prevent it.
Social Engineering Techniques
What does this method look like in action? It could look like an email that has been designed to seem like it is from a trustworthy group, like the Better Business Bureau. But if you open it and click on that attachment, you could be installing malware. Or, it could be cloaked to look like it comes from someone inside your business – someone whom you trust. But if you reply to that email with your user name and password, your computer is effortlessly compromised. The rule is Think Before You Click.
Social Engineering Attack
You may have heard of Norton antivirus, published by Symantec. The technical director of Symantec Security Response said that bad guys are generally not trying to exploit technical weaknesses in Windows. They are going after you instead. “You don’t need as many technical skills to find one person who might be willing, in a moment of weakness, to open up an attachment that contains malicious content.” Only about 3% of the malware they run into tries to exploit a technical error. The other 97% is attempting to trick a user through some type of social engineering scheme. This means it does not matter if your workstation is a PC or a Mac. The final line of defense is… you guessed it: YOU!
Social Engineering Examples
Cybercriminals create phony profiles on social media and try to trick you. They will imitate a celebrity or one of your friends or coworkers. These profiles look very much like the real thing, and it’s easy to be fooled. They try to impersonate a celebrity that the bad guys already know you like a lot.
Let’s say you were misled into believing a bogus Social Network profile. The next step is that they try to make you click on a link or install malicious software, frequently, something to watch a video. If you click, or do that install, it’s exceedingly likely you will infect your desktop with malware that allows the attacker to take over your PC.
How do you protect your business?
At Emerald City Solutions, we got you covered with our all NEW Cyber Security Pro Training! Here’s how it works:
1. Initial Testing
We start with baseline testing to assess your vulnerability through simulated phishing attacks.
Providing security awareness content through education videos and newsletters will help your employees achieve greater awareness.
Includes follow up phishing simulations to elevate knowledge retention.
Network Pro Reporting for Improved Security Behavior.