Psst: CISOs and experts, this is one of our beginner-oriented articles! If you're looking for more advanced material, we recommend a dive into the blog archives!
Back in the day, protecting yourself from bad actors meant being aware of your surroundings, looking out for your neighbors, and locking your doors. These days, bad actors are getting smarter, more technologically advanced, and evolving to use psychological tools to trick people into giving them what they want (Alexa, play Money by Cardi B). Enter: social engineering, a type of attack that uses psychological manipulation to trick users into divulging sensitive information, including bank account numbers and credit card details. As business leaders, it's important to be aware of social engineering and the ways it can impact your organization. Let’s take a closer look at some of the most common social engineering techniques used by attackers.
Chances are, at some point you’ve had to sit in a stuffy conference room or impersonal Zoom meeting while someone reads from an outdated PowerPoint. Maybe this training was part of your new hire orientation, wedged between a payroll presentation and cringey examples of HR violations; maybe you completely zoned out and watched Taylor Swift lyric analysis videos instead. Don’t worry, we won’t judge you, but we do want to offer better solutions for security awareness training. Human Risk Management is an ongoing, evolving process that can’t be comprehensively captured in an annual presentation, and it begins with building a culture of security awareness.
What does social engineering look like and why is it a problem?
Social engineering can be carried out using a range of techniques and can look like phishing scams, infected flash drives, voice impersonations, fake charity campaigns, and even using technology to trick people into thinking their loved ones are in danger, which is a particularly malicious type of scam. Let’s review some of the common forms so you can protect yourself.
Imagine this: you get a phone call that appears to be coming from a family member. You answer, and someone who is not your family member is on the other end of the line, claiming they have your loved one and will hurt them if you don’t send money immediately. (Heck, if the family member has posted enough video of themselves talking on social media, AI can be used to generate a script in the voice and speech patterns of said family member!) At this moment, you are probably scared and will do whatever it takes to keep your loved one safe, so you send the money.
Immediately after, it becomes clear you were scammed, and your loved one was never in danger. You’re probably confused: you thought scams looked very different from this.
Thankfully, being aware of what scams can look like and how they are getting more advanced and cruel can set you up to stop and think before you send money if you are ever put in this position.
How can social engineering impact both businesses and individuals?
Social engineering attacks can have major negative impacts on both people and businesses, because, after all, businesses are made up of people. Attackers can use social engineering scams to obtain sensitive data from employees, such as business bank account numbers, business credit card details, and business passwords, all of which can have major security and financial implications for companies. Imagine an employee handing over sensitive business financial information to an attacker because the attacker used advanced AI technology to impersonate the voice of their manager or CEO; the possibilities are scary. Thankfully, we can help.
What are ways to prevent social engineering attacks?
As with all scams, practicing proper cybersecurity awareness is key. Your company should ensure employees are educated on how to spot malicious activity (feel free to send this blog to your whole company). Companies can implement training and simulations or drills to get employees used to looking out for the common scam techniques, prompting them to double-check whom they are dealing with and to use multi-factor authentication when transferring sensitive information. Additionally, ensuring employees have strong passwords and backup authentication methods like 2FA or MFA in place will help protect against unwanted visitors trying to exploit people.
When in doubt, report, report, report
It’s important to train your team members to report any suspicious messages as soon as they receive them. Get team members into the habit of documenting the details: have them immediately notify the IT team with as much information about the attempted scam as possible, such as the time of day and the way in which it was delivered, and then contact an authority figure such as your security or IT team to make sure they can be properly protected. Sometimes, getting government authorities involved might even be necessary, depending on the type of scam. You may even need to contact a regulatory body if data breaches are involved.
Social engineering is a serious problem that can have devastating consequences for businesses and individuals. By understanding what social engineering is and how it works, you can be better equipped to protect yourself and your organization from attacks.
Remember, knowledge is power when it comes to combating social engineering attacks! Always think twice before you send an email, consider sharing login credentials, or offer up any information that lets someone get high-level access to your most valuable information.
Curious about cybersecurity training that works? We can help.