Social engineering, the art of manipulating people to give up confidential information, has become a more prevalent practice among hackers today. Hackers can obtain personal information or sensitive data through various actions. Here are the five social engineering attacks you should be wary of:
Phishing – The most common form of social engineering, phishing attacks solicit sensitive information such as user credentials, credit card details, home addresses, and more. These attacks have become more sophisticated and harder to spot. Pay attention to how the email is worded and the email address of the sender. Never click on links that direct you to websites that are not secure. Banks and financial institutions will never ask you to verify your personal information via email.
USB Drives – USB drives are a thing of the past as they now pose a threat to your network. Hackers can leave malware-laced USB drives lying around in the hopes that someone will pick them up and use them. Once a person has inserted the USB drive into their machine, malware or viruses can take over. In many instances, this type of malware can collect passwords, logins, and machine-specific information that hackers can profit from. It’s a good idea to eliminate the practice of using USB drives and find other secure ways to share and back up files.
Phone calls – Most of us ignore calls from numbers we don’t recognize. These days it’s a safe practice, as you can be inundated by various scams involving free vacations, lower interest rates for your credit cards, and debt collectors. IRS phone scams and arrest warrant scams continue to occur across the country. Never give out your personal information over the phone. The IRS and FBI do not call and request personal information over the phone. You should report all scams to the FCC immediately.
Social media – Hackers create fake social media accounts to follow unsuspecting victims and hack their accounts. They can also post phishing links to quizzes or products that can result in hidden charges or the capture of personal information. You should not accept any requests on social media from users you do not know. In fact, Facebook recently discovered over 450 fake Russian accounts that were created to post and comment on news websites. If you are unable to view someone’s profile or establish some validity, it’s probably not safe to connect with them.
Physical security – Social engineering is not limited to just the internet. Breaching the physical security elements of an organization is another way hackers can get sensitive information. It’s important to have physical security measures in place to minimize your risk of a breach. Implementing a sign-in process for visitors and establishing a protocol for access to restricted areas are just a few ways you can implement physical security for your data and network.
Carolinas IT performs social engineering experiments for companies looking to test their security policies and procedures. Contact us if you’re interested in having us conduct a social engineering experiment for your business.