You Can Be a Victim of Social Engineering
Social engineering is a human hacking tactic, as opposed to brute-force attacks, that involves unsuspected social engineers who take advantage of the gullible nature of the victim (You!) and extract information such as credentials, access codes, financial and trade secrets, and any other sensitive data that the victim is privy to. Humans are the weakest link in the security forte of an organization. A security appliance maybe difficult to break into; but an employee, who is easy to manipulate, is the hacker's key to Fort Knox. Social engineering also includes commonplace--but highly overlooked--threats such as phishing, hoaxes, shoulder surfing, tailgating, etc.
Common Social Engineering Traps
Watch this video where Greg, a naïve and helpful IT administrator, gets hoodwinked by an expert telephonic trickster. Funny, and yet enlightening!
Help the Hacker Not! – Tips to Stay Protected
You don’t have to turn paranoid and be alarmed at every single phone call or email. It just takes more awareness and education on social engineering, and some secure online and social practices to stay protected.
- Be aware of social engineering attacks. Educate your peers, employees and friends.
- Do not divulge personal information and company data to any untrusted source, however convincing and genuine it may look.
- If you are suspicious of any person or specific email, report the case to your organizational authorities and IT security teams.
If at all there happens to be a case of social engineering attack, monitor logs from all devices and workstations to see any unusual behavior pattern or non-compliant activity that may lead to data theft or other cyber-crimes. It’s nice to be helpful, but do you really want to help the hacker? (Unless you want to end up holding the golden crowbar like Greg does!)
This is the first day of SolarWinds Security Week (August 19-23). Stay tuned for more security tips and entertaining videos throughout this week!