Beware of These Dangerous Social Engineering Tactics
Why SMBs Need to Care About Social Engineering
Often, small and medium-sized companies make the mistake of thinking that cyber-attackers won’t target them with social engineering tactics. This simply isn’t the case. In fact, SMBs are often a more attractive target than large companies, as cyber-criminals consider them ‘low-hanging fruit’. Social engineering, in particular, is a huge threat to SMBs. According to Cisco's 2021 Cybersecurity Threat Trends report, about 90% of data breaches occur due to social engineering. Given the prevalence of this threat, you and your employees need to know how to spot social engineering attacks.
5 Dangerous Social Engineering Tactics You Need to Know About
To help you keep ahead of attackers, here are the common social engineering trends you need to watch out for. It may be well worth sharing this blog with your employees, so they feel empowered to spot phishing threats. We always recommend incorporating phishing training into your technology strategy to better educate your people on social engineering. We can facilitate security awareness training for you, so get in touch.
1. Phishing
A phishing attack is a form of email-based attack. A hacker will pose as a well-known brand, charity or financial institution in the email. The email will either contain an attachment loaded with malware or ask you to click on a link where you’re encouraged to share sensitive details. Phishing attacks can appear eerily realistic. Cybercriminals are getting better at impersonating brands, often using their logos and tone of voice so that it’s hard to tell a fake email from a real one. In the worst-case scenario, the attachment in the phishing email could contain ransomware, a form of malware that encrypts your data and files and blocks access to them until a hefty ransom is paid.
2. Whaling
Whaling is a subset of phishing. It’s a highly targeted form of attack, aimed at executives and CEOs. When a hacker conducts a whaling attack, they’ll first do loads of background research on their target, looking at their LinkedIn, company website and other social media channels. From there, they’ll craft a highly personalized email, pretending to be a representative from HR, legal or a client, and ask the executive to share sensitive information. They’ll even spoof their email address so it looks realistic and won’t raise any alarm. Because these attacks are so hard to detect, they have a high success rate.
3. Baiting
Baiting is a sneaky form of attack where hackers manipulate human curiosity for their own gain. These emails often hold the promise of a reward - such as a gift card, money or something else for free - if the victim downloads an attachment. However, the only thing the victim gets for downloading the attachment is malware installed onto their devices. The type of malware varies. It could be ransomware, spyware or any other kind of virus. The sneakiest forms of malware can go undetected for months, working in the background on your systems to steal troves of sensitive data - without you being any the wiser!
4. Tailgating
Social engineering attacks don’t just happen in the digital world! Criminals can also attempt to breach your physical property in order to steal resources or data. Most commonly, an attacker will walk into your building with confidence, right after someone who has unlocked the door with their access code. Because the criminal acts so confidently, the victim usually doesn’t ask them to go outside and enter their own code. In essence, they assume the person is harmless! While this isn’t a cyber issue, you should put strict policies in place and train staff on the importance of verifying unfamiliar faces that attempt to enter your premises.
5. Shoulder surfing
We’re in the age of working on the move. Often, people work from their laptops and phones in coffee shops, airports and even on the train to work. While this is good for productivity, you need to be aware that opportunistic cybercriminals are always around. For example, a criminal could see your employee enter their login details for their Outlook account, or capture sensitive data about your company’s finances - all by simply looking over their shoulder in public! To defend against this threat, we advise that you purchase privacy screen filters for your employees. These filters ensure that only your employee, when directly in front of the screen, can see information on it.
Defend against social engineering attacks today!
The best way to protect against social engineering attacks is through anti-malware and spam protection, combined with employee training. We can support you with both! Texas I.T. Pros can work with your Denton or Wise County business to mitigate the risks of phishing. Contact us today to learn more! Call 940-239-6500 or reach out online.