You Can Be a Victim of Social Engineering

Social engineering is a human hacking tactic, as opposed to brute-force attacks, that involves unsuspected social engineers who take advantage of the gullible nature of the victim (You!) and extract information such as credentials, access codes, financial and trade secrets, and any other sensitive data that the victim is privy to. Humans are the weakest link in the security forte of an organization. A security appliance maybe difficult to break into; but an employee, who is easy to manipulate, is the hacker's key to Fort Knox. Social engineering also includes commonplace--but highly overlooked--threats such as phishing, hoaxes, shoulder surfing, tailgating, etc.

 

Common Social Engineering Traps

Means

Motive

  • You could receive a call from a trusted source to reveal sensitive data
  • The caller can be a phony pretending to be someone else to con information from you
  • You could get an unsolicited email requesting credit card numbers and passwords to be filled in
  • It can be a phishing attack to obtain sensitive information from you
  • You could happen to meet with an unassuming stranger who wants to conduct a survey, or just earnestly seeks help
  • It could be a social engineer trying to con you with his guile of speech and false identity


Watch this video where Greg, a naïve and helpful IT administrator, gets hoodwinked by an expert telephonic trickster. Funny, and yet enlightening!

  

  

Help the Hacker Not! – Tips to Stay Protected

You don’t have to turn paranoid and be alarmed at every single phone call or email. It just takes more awareness and education on social engineering, and some secure online and social practices to stay protected.

  • Be aware of social engineering attacks. Educate your peers, employees and friends.
  • Do not divulge personal information and company data to any untrusted source, however convincing and genuine it may look.
  • If you are suspicious of any person or specific email, report the case to your organizational authorities and IT security teams.

 

If at all there happens to be a case of social engineering attack, monitor logs from all devices and workstations to see any unusual behavior pattern or non-compliant activity that may lead to data theft or other cyber-crimes. It’s nice to be helpful, but do you really want to help the hacker? (Unless you want to end up holding the golden crowbar like Greg does!)

 

 

Security Week

This is the first day of SolarWinds Security Week (August 19-23). Stay tuned for more security tips and entertaining videos throughout this week!

 

Security Week v2.PNG

 

Learn More