Every day, 3.4 billion fake emails are sent. Phishing, a form of social engineering, accounts for half of all fraudulent cyber attacks. With so much focus on higher-level decision makers and the efforts of security teams, it’s important to remember that “some of the most effective cyber attacks aren’t targeted at hardware or software – they’re targeted at people. Social engineering attacks often involve no more than a telephone or email address.”
In 2018, every third attack involved social engineering, which can come through email, chat, phone calls, messages, or even old-fashioned mail. Hackers used social engineering to penetrate internal networks in 43% of incidents. There is no evidence that the number of incidents will decrease. In fact, 2018 saw social engineering attacks jump 233%. And forecasters predict that social engineering will remain the main method of malware distribution. “As people are becoming more aware of various fraudulent techniques, hackers will devise new sophisticated ways to deceive users.”
Social engineering is one of the most difficult attacks to defend against and occurs in various forms, including phishing, whaling, vishing, waterholing, and SMiShing. What these have in common is that they often exploit individual weaknesses: curiosity, greed, fear.
In general, beware of contact from anyone who is asking for immediate assistance, seeking donations to a charity, requesting you verify information (even information you might not consider sensitive), or responding to a question you did not ask. To be more secure, follow these 4 steps.
4 Ways to Prevent Social Engineering
In addition to using email protection software, there are a few things individuals can do to prevent a successful social engineering attack.
1 – Know what information is valuable to a hacker and don’t share it. By identifying what might be “valuable” information, you can keep from putting that information into the hands of someone you may not know or don’t trust. This is as true for companies as it is for individuals.
2 – Verify, verify, verify. Know who you’re communicating with, and make sure they are who they claim to be. Don’t click links before verifying they’re what they claim to be. Don’t call back phone numbers printed in emails; use your own phonebook, a search engine, or the official website to find the number to call. Don’t default to trusting phone numbers on calls or text messages, or senders’ email addresses.
3 – Slow down. Time is valuable, but slow down and make sure to follow company processes and procedures. Take the time to double check that you’re not walking into a trap.
4 – Training and Education. Cyber criminals are continually upping their game. Phishing emails used to be easy to spot. Today, it’s almost impossible to tell a genuine email from a fraud. SIM cards can be cloned and phone numbers spoofed. Just because something looks genuine no longer means it is. Keeping your training and education up to date is essential.
Cybercrime is a $1.5 trillion industry. There’s no need to contribute to it as a company or individual if you can prevent it. Remember and use these 4 steps to help thwart social engineering. By working together and sharing this information with friends and colleagues, we can make our world safer, stronger, and more secure.