If you haven’t heard the term “social engineering,” prepare to be annoyed. Most professionals have heard of phishing and try to take precautions to avoid becoming victims of it. However, phishing is only one form of social engineering and, unfortunately, just a small part of a larger group of craftier forms of manipulation.
Social engineering preys on the desires many people have to be liked, to be polite, to be friendly, to get a deal and to believe in the kindness of others. With powerful emotional tactics, hackers and scammers get professionals to give them access to secure data, passwords and login information every day.
To protect your staff, it’s essential to train them to spot:
- Suspicious emails with files and attachments,
- Suspicious people who call or visit the office,
- Emails asking for login credentials,
- Fake banking and PayPal emails, and
- Fake vendor emails and other forms of contact
How Does Social Engineering Work?
- Scammers who Tailgate or Piggyback pretend to work in your office. They hang around groups of your staff at lunch. Since no one wants to be rude and not hold the door for someone who might be new or work in another department, a hacker follows them into the office from lunch.
- Your intern thinks he finds a free USB stick lying around the cafeteria. However, it’s loaded with malware that quickly gathers your company’s data when he plugs it into his computer. This is called Planted Media.
- Scammers Blackmail staff by threatening to expose personal secrets and with other threats.
- Scammers take advantage of employees with no company loyalty and offer them free gift certificates and electronics under the guise of a corporate survey. The employee doesn’t really care enough to protect your interests over a free iPhone or $100 gift card and gives out critical data.
- Scammers pose as IT support, calling various companies until they find a gatekeeper with a tech problem. When they do, they get login information that way.
- Lastly, phishing scams that target high-level execs are proving much more effective than traditional phishing scams. Scammers who go “whale hunting” pretend to be corporate vendors and make phone contact with high-level execs. After a phone call, they get the execs to click on phishing links in emails and open attachments.
“An ounce of prevention beats a pound of cure.” Ben Franklin
Educate your staff today and develop a disaster recovery plan. Social engineering relies on human kindness and lack of information to thrive. Informing your staff gives them the ability to make the right decisions.