Social engineering refers to the art of manipulating people into giving up confidential information. This type of fraud has become much faster-moving and more creative since the advent of the internet.

Social engineering criminals are generally seeking information like passwords or bank information, or direct access to computers so they can secretly install malware that holds your computer hostage.

In a business setting, social engineering often has the purpose of collecting business secrets or massive swaths of client information in one fell swoop.


What does social engineering look like?


These are two common examples of social engineering:
1. An email from a friend comes in, directly from his or her email account. Any email that comes—even from a trusted source—that asks for anything out of the ordinary or requests personal information should be ignored. Contact the person whose account was used to email you (by phone, if possible) to verify whether the email was legitimate.
2. Emails from other trusted sources like your phone provider or a social network are another common source of social engineering attacks. If you’re ever emailed and told to click a link, divulge personal information, or download files you weren’t expecting, contact the company emailing you to validate whether the email really came from them.

Most social engineering attacks try to dangle something desirable in front of you, such as “click here to download this hot new song” or “surprise, you’re a winner!” These are called baiting scams.

Other social engineering attacks try to scare you with urgency, like a friend suddenly writing to say she or he was robbed while traveling and needs a loan to get back home.

Tips to avoid social engineering attacks:
• Slow everything down. Never act before you think. Any message that conveys urgency or applies high pressure should be validated with the sender.
• Be suspicious of any unsolicited message.
• Don’t click on links in emails; instead, try to navigate to the webpage directly.
• Watch for inconsistency in writing (style and format) and sender email addresses.
• Beware of ANY download. Unless you personally know the sender and are expecting a file, don’t download anything before verifying its legitimacy.
• Never believe any offer or “prize” from abroad.
• Never provide ANY personal information about bank accounts via email; no financial institution will ever request that information in an email message.
• Secure all your devices from social engineering, too, including company PCs, laptops, tablets and other devices.
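
Several of these tips can be turned into automated checks on incoming mail. The sketch below is an added example, not part of the original article: the function names, phrase lists and sample messages are constructed for illustration. It flags urgency, bait and financial-request wording, unexpected attachments, a Reply-To domain that differs from the sender, and links whose visible text names a different host than the link target.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Phrase lists are constructed for this example; tune them for real mail.
PATTERNS = {
    "urgency": re.compile(r"\b(urgent|immediately|act now|right away)\b", re.I),
    "bait": re.compile(r"\b(winner|prize|free download)\b", re.I),
    "financial_request": re.compile(r"\b(bank account|account number|card number)\b", re.I),
}
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def norm(host):  # lower-case and drop a leading "www." before comparing
    return re.sub(r"^www\.", "", host.lower())

def triage(raw):
    """Return the sorted warning signs found in one raw e-mail message."""
    msg = message_from_string(raw)
    flags, body = set(), ""
    for part in msg.walk():
        if part.get_filename():
            flags.add("attachment")  # unexpected download: verify first
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    # Sender inconsistency: replies go to a different domain than From.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    if reply and norm(reply) != norm(sender):
        flags.add("reply_to_mismatch")
    # Link inconsistency: visible text names one host, href goes to another.
    for href_host, text in LINK.findall(body):
        shown = HOST.search(text)
        if shown and norm(shown.group(1)) != norm(href_host):
            flags.add("link_mismatch")
    text = msg.get("Subject", "") + "\n" + body
    flags.update(name for name, rx in PATTERNS.items() if rx.search(text))
    return sorted(flags)

# Constructed sample messages (not real mail).
SUSPICIOUS = """From: "Phone Provider" <billing@provider.example>
Reply-To: refunds@mailbox.example
Subject: Urgent: you are a winner
Content-Type: text/html

<p>Act now to claim your prize. Confirm your bank account at
<a href="http://login.claims.example/verify">www.provider.example</a></p>
"""
BENIGN = "From: alice@corp.example\nSubject: Lunch\n\nSee you at noon.\n"
print(triage(SUSPICIOUS), triage(BENIGN))
```

A flag is a reason to verify with the sender through another channel, not proof of fraud; legitimate mail can trip any single check.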

Work with your proactive IT services provider to keep your whole network and Internet of Things devices up to date with software and hardware updates. This will strengthen other security measures like your firewall and anti-virus software at the same time.
