Welcome to this enlightening article where we delve into the world of social engineering. We will explore the very essence of social engineering, unravel the intricate workings of social engineering scams, uncover the tactics employed by social engineers to deceive unsuspecting individuals, underscore the crucial importance of verifying the identities of unfamiliar contacts, and equip you with the knowledge to effectively safeguard yourself against falling victim to these cunning social engineering attempts. Prepare to fortify your defences and sharpen your awareness as we embark on this journey to demystify the art of social engineering.
What is Social Engineering?
Social engineering, in a security context, is the use of deception to make an innocent victim help carry out a scam. The victim is duped into being an unwitting accomplice of the attacker.
Common Social Engineering Attempts
The following are some of the ways criminals attempt to gain through social engineering:
- Requests for Usernames and Passwords
  - A social engineer may pose as a member of the IT support team and ask you to give them your username and password.
  - You may even receive a call from someone who claims to be from the IT support team asking for your credentials or details from a device in the office.
- Requests for Money – A social engineer could pose as a contractor and send you a fake invoice.
- Requests for Access to Secure Areas
  - A social engineer could dress as a plumber in an attempt to dupe you into giving them access to secure premises.
  - A plumber could knock on the door and say he has come to fix a pipe, while he is in fact a social engineer.
Tips on Curbing Social Engineering Attacks
- Usernames and passwords:
  - It’s important to protect your passwords. You should NOT share your passwords with anyone, even if they request them. There is no legitimate reason why anyone would ever need to have your passwords, as legitimate IT staff can use admin privileges to access your accounts.
  - When you receive a call from someone who claims to be from the IT support team, tell them you will call them back, then call your IT support team directly. This ensures you are speaking to who you think you are and allows you to report the caller if you discover they were not who they said they were.
- Privacy Settings on Social Media: It is a good idea to restrict your privacy settings on social media. This will make it harder for criminals to find pretext information for social engineering attempts. Any information criminals can gain about you can make a social engineering attempt more believable and more likely to succeed.
- Access to Secure Areas:
  - If you witness a potential impersonator gaining access to secure premises, challenge the person if it is safe to do so, and then report the incident. Any impersonation attempts should be reported to security or building staff immediately.
  - Every time you enter or exit your workplace through a secure door or barrier, take a security precaution so that you do not let any unauthorized person into the secure area. If someone claims to be a plumber, an electrician, or anyone else who has been authorized, direct them to sign in at reception.