Social Engineering is the use of a person’s personal information for criminal profit. And because of the increasing use of social sites like Facebook, Instagram, and LinkedIn, there’s more of that information freely available than ever before.
98% of cyberattacks rely on a social engineering component.
Cybercriminals use Social Engineering as a way to get past IT services that are designed to protect your network with things like firewalls and anti-malware programs. They prey on the human defenses, which tend to be easier to get past.
How Social Engineering Works
There are two main ways that Social Engineering is used:
- To gain a person’s trust by use of personal information they’ve shared
- To hack login credentials by use of personal information
For example, a scammer might claim to remember you from high school and strike up a conversation reminiscing about the old days (using information they’ve gleaned from your and others’ social media profiles).
Once they’ve gained your trust through a series of direct message conversations, they then may send you a message to “check out this page,” with a link to a site with a malware download.
So, basically the scammer earns your trust by using details you share on social media so they can perpetrate their scam.
In the other scenario, a scammer gleans your information on social media and then uses that in a targeted phishing campaign to trick you into downloading a malicious file.
Or they may have enough information from your profile to guess your passwords and any challenge questions you may have set on your account.
Think of all the types of things we have readily available on social networks:
- Where we work
- Our title and position
- Pets’ names
- High school/college that we attended
- Children’s names
- …and more
It doesn’t take much for someone to create a pretty accurate profile of a person and know just how to manipulate them.
Ways to Protect Against Social Engineering
For most of us, swearing off social media is not an option. There’s a reason that approximately 223 million Americans use social media: it’s a great way to connect with people for both personal and professional purposes.
But there are some tactics that you can take to ensure you’re protected against the risks that come along with sharing on social media sites.
Use Fake Challenge Answers
Your pet’s name is a common password challenge question used to reset a password. And it’s something that a person can generally find on social media. Instead of using real challenge answers, use fake ones.
For example, if your pet’s name is Fluffy, use Rover instead when setting up a challenge question. Using answers that have nothing to do with your real life can help thwart a Social Engineering scammer.
Use Friends/Family Only Privacy Settings
Rather than letting the world at large into your social media feed, change your privacy settings so that only those connections that you’ve “friended” can see it.
And be sure to also restrict what others are allowed to share from your feed. For example, you can set your photos so that they can’t be shared by anyone else on their social feed.
Be Suspicious of Fast Friends
If a new contact is suddenly acting like your best friend and messaging you so much that you wonder what they do all day, that’s a sign that this could be a Social Engineering scam.
These types of scammers often flatter you to try to get your defenses down and earn your trust. If someone seems too good to be true, they often are, so keep your guard up.
Use Strong Anti-Phishing Software
Even the best of us can fall prey to a social phishing attack that looks legitimate and uses details that seem real.
A good backstop is anti-phishing software that uses sandboxing to contain suspicious attachments and can also help safeguard you from links that take you to malicious sites.
Is Your Team Properly Trained on Social Engineering?
You and your staff don’t have to learn the hard way when it comes to the new threats arising out of social media use.
RCOR can provide Social Engineering, cybersecurity, and phishing identification training for your team so they’re aware of any threats to their information and your company’s.
Schedule your cybersecurity training today by calling 919-313-9355 or contacting us online.