The rise in cyber-attacks relating to supply chains has increased dramatically; research suggests that up to 50% of...Find out more
What Is Social Engineering?
It was found in 2021 that over 70% of all data breaches were due to social engineering!
Social Engineering is a very common cyber-attack that relies on human error rather than vulnerabilities within your IT. One definition of social engineering is “manipulating people into handing over confidential information such as a PIN or password”. Research has shown that cybercriminals use social engineering in 98% of attacks; therefore, the best way to minimise the chance of you becoming a victim of this, is through education. Cybercriminals will build trust or impersonate an entity in order for the victim to hand over confidential information. Social engineering can be very dangerous for individuals and companies alike, due to the amount of money or data that can be stolen. These kinds of scams can take place through:
We are going to talk about different types of social engineering so you can understand what social engineering is and how to protect yourself from it.
The first type of social engineering we will talk about is baiting. Baiting is given this name because it is the concept that cybercriminals are dangling something desirable in front of the victim in hopes they will fall for it. This can take place through a variety of methods, including:
As the name suggests, scareware is a type of social engineering which scares the victim into taking action on something quickly! The cybercriminal will take advantage of the victim’s fear in order for them to install software that isn’t what they need and actually contains malware. The victim could receive messages such as ‘you must act now to get rid of viruses and malware. In addition to this, the victim could click on a pop-up or banner that contains malware therefore always be wary of what you are clicking on, online.
Scareware can also be recognised for holding the victim’s data once they have downloaded the software hostage in exchange for a pay-out; however, the issue with this is the attacker has been able to access everything already so we would never recommend paying to get back everything you have lost.
The malware which infects a device can access all your data and allow the cybercriminal to hold it hostage. Secondly, it can install spyware which allows the cybercriminal to keep watch over everything you do on that device. Finally, the malware also has the ability to take up all of your storage within the device and take over the victim’s resources with adware.
Signs to look out for include:
Pretexting is a type of social engineering where a fake story is designed to grab the victim’s attention and persuade them into engaging with the message. Once the attacker has immersed the victim in the story, they will attempt to trick the victim into handing over valuable information.
These attacks are effective if the attacker is able to build trust and trick the victim into believing they are who they say they are. The attacker could choose to impersonate someone the victim is close to such as co-workers, family, friends or a business who has the right to ask you for particular information. For example, they could impersonate your bank and tell you that your account has been temporarily suspended and to fix this you must provide the relevant details.
If the cybercriminal is attempting to fool a big target it means that they would require a much bigger and more believable story in order to gain the sensitive information that they are after. To do this the scam artist will go through your social media accounts, what you engage with, and if they can find any immediate family members; this will enable them to build a profile on you which can help them have a more targeted approach.
In extreme cases they could even find where you live and follow you in person, however, this is quite unlikely. However, it should be noted that these attackers will do anything they can to get the information they want, and you should always be wary of how much you share of your personal life online.
The attack aims to get access to:
The final and probably most common form of social engineering we will address is phishing. In 2020, it was found that 75% of companies worldwide were a victim of phishing. Cybercriminals target their victims through a variety of communication methods, including email, telephone and text message. Typically, they will pose as a legitimate institution so the target victim will be willing to give over details such as personally identifiable information, banking details and passwords.
96% of phishing attacks use email which means that this is an element of social engineering you should definitely focus on within the workplace and ensure training is done on this. Phishing emails can be used to target any size and type of organisation). The attack on your business could be through the cybercriminal trying to collect new passwords or make some easy money; additionally, it could be a targeted attack where the attacker is attempting to steal your business’s sensitive data.
Once a hacker has found a point of entry into the business’s data systems, they will gain access to important accounts which is likely to result in identity theft and financial loss for your business. Email attacks can allow cybercriminals to do a range of harm including installing malware, sabotaging systems, stealing data, and money.
It is important to understand what to look out for; this includes:
If your business would like further support or guidance, contact us today:
Review TextTestimonial #1
Review TextTestimonial #2
Review TextTestimonial #3
Stephen SawleyBeing partnered with WPC is a joy. Their level of service and turnaround is exceptional. As is every member of the support team that I am in contact with. Savvy support and great to work with!
Mark GWe have been using Workplace Connect for around 2 years now, and have found them to be a great company to work with. The change over from our last provider was seamless, and we have enjoyed an uninterrupted service since then. They are always available to assist with any enquiries, and deal with all matters promptly. I wouldn't hesitate to recommend them to other businesses.
Elliot AzimI have worked with this company for over 4 years and can safely say that the customer service is second to none. The staff go above and beyond to assist with clients and suppliers and are always very friendly and responsive. I would highly recommend Workplace to anyone looking for a quality IT partner.