Social Engineering Attacks and How to Prevent Them

Cyber-attacks are one of the greatest threats to the world’s financial system and as companies continue to conduct increasingly more business online, cybercriminals have found new and more sophisticated tactics—the most common being social engineering. Social engineering attacks target people by feeding into human nature and using influence, manipulation, or deceit to gain sensitive information.

5 Common Types of Social Engineering Attacks to Watch for

  1. Phishing – One of the most common and familiar tactics is phishing. Cybercriminals use illegitimate emails or texts to instill a sense of urgency or fear in their victims. The email or text contains links to malicious websites or attachments containing malware.

    There are at least six variations of phishing attacks, with a common one being spear phishing. Spear phishing is more targeted and advanced. It starts with one person or a small group of people in an organization. An attacker will create tailored messages based on the victim’s job position, contacts, and characteristics to make them appear legitimate. Spear phishing requires a higher level of effort from the perpetrator and takes a great deal more time to pull off than regular phishing schemes.
  2. Pretexting – In this situation, attackers create a pretext, or fabricated scenario, to steal someone’s personal information. Most commonly, the attacker will impersonate a trusted individual stating they need certain details from a user to confirm their identity. The information they gather is then used to conduct malicious activities or worse, circumvent the company’s security policies.
  3. Baiting – Used to pique a victim’s interest or curiosity, baiting lures a user into a trap to steal personal information or infect their computer with malware. An example of this tactic is leaving a malware-infected USB drive in a spot where a potential victim would see it, such as the office bathroom. The victim grabs the bait and inserts it into a computer, allowing the automatic installation of malware.
  4. Quid Pro Quo – In this scenario, the attacker offers a service or benefit in exchange for information or access. The most common example is a hacker who impersonates an IT professional and requests information in return for a payment or for access to software. The hacker then installs malware in the guise of software updates.
  5. Tailgating – This technique is conducted in person and can occur when someone seeks access to a restricted area. It can be as simple as someone who follows an employee into a secure building, often with a ‘hold the door!’ technique. Imposters often disguise themselves as a repairman, delivery person, or vendor.

How to Prevent Social Engineering Attacks

As the digital world grows, cybersecurity threats will continue to become more common and more sophisticated, making it increasingly important to learn about cyber threats and how to take proactive measures to keep you and your business safe. Here are a few best practices.

  • Clean out your email inbox—delete, archive, organize, and even unsubscribe. An organized inbox helps workers slow down and focus on the email at hand, so they can be mindful of who the sender is and evaluate suspicious links before clicking them. Additionally, beware of tempting offers. If something comes into your inbox and you think it is too good to be true, it probably is.
  • Stay vigilant when online. Cybercriminals may spend weeks or months planning an attack. When someone falls victim, be proactive in reporting the incident (and do not take it personally). Additionally, security awareness training that uses phishing simulations and engaging, relevant content helps prepare individuals for scams.
  • Keep your tech healthy. Most devices update automatically, and antivirus solutions run quietly in the background, so ensure both are working. Also, be sure to use multifactor authentication in addition to passwords for an extra level of security.
  • Lock your laptop whenever you are away from your workstation to prevent others from viewing or using your device when you’re not around.