What is Social Engineering?
Social engineering is a technique used by cybercriminals designed to lure unsuspecting individuals into:
Divulging confidential information;
Infecting computers with malware;
Opening links to malicious sites;
Replying to emails with information which may be valuable (e.g. personal or financial information);
Sending payment to a cyber criminal.
Social Engineering can take the form of an email (phishing), voice calls (vishing) and text messages (smishing).
Some attacks may be delivered to your inbox. These emails may contain a malicious link, an attachment or a request for sensitive information. One way to spot this kind of attack is to check whether the ‘sender from’ address is unfamiliar or does not match the displayed address when hovered over or clicked on. Sometimes these emails are poorly worded, and they may press you to complete instructions with urgency or rely on emotions to get you to respond or interact with the email in some way.
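The sender check described above can also be automated on the raw message. The following is an added example, not part of the original page: the function names, the list of known domains and both sample messages are constructed for illustration, and the Reply-To comparison goes one step beyond the checks named in the text.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def sender_warnings(raw_message, known_domains):
    """List the reasons the sender of raw_message deserves a second look."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if not addr:
        return ["From header has no parsable address"]
    warnings = []
    # The name shown to the reader contains an address that is not the real one.
    shown = ADDR_RE.search(display)
    if shown and shown.group(0).lower() != addr.lower():
        warnings.append(f"displayed {shown.group(0)} but sent from {addr}")
    # Unfamiliar sender: domain is not on the reader's own list (assumption).
    if domain(addr) not in known_domains:
        warnings.append(f"unfamiliar sender domain {domain(addr)}")
    # Replies would be routed to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != domain(addr):
        warnings.append(f"replies go to {reply_to}")
    return warnings

# Constructed sample messages (not real mail).
KNOWN = {"example.com"}
SPOOFED = (
    'From: "accounts@example.com" <notice@examp1e-pay.test>\n'
    "Reply-To: collect@mailbox.test\n"
    "Subject: Urgent: confirm your details today\n\n"
    "Please reply with your account number.\n"
)
GENUINE = (
    "From: Alice <alice@example.com>\n"
    "Subject: Meeting notes\n\n"
    "Notes attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, sender_warnings(raw, KNOWN))
```

An empty list means none of these checks fired; it does not mean the message is safe.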
Many cyber criminals regularly attempt to exploit world events, employers and organizations. As a large firm, you and our people are considered high-value to cyber criminals. Always double check messages you receive by inspecting the sender, spelling and grammar. It is uncommon for legitimate services and organizations to ask for payment or personal details by text message. If you receive a request by text message, contact the organisation by a different method. For example, call or email them to validate their requests. For voice calls, before making any payments, divulging personal information or following their instructions, you should verify the caller’s identity. If they’re genuine, they won’t mind you wanting to verify the call. This can be done by obtaining a reference number and calling a verified number for the company or organisation. Remember, be smart, be secure.
1. Phishing
Phishing attacks will use infected email attachments or links to malicious websites, which could harvest credentials or personal information, or spread malware throughout the device. Other forms of phishing attack include spear phishing and whaling. A spear phishing attack targets a specific individual to gain access to corporate information, whereas a whaling attack targets senior or high-profile members of an organisation in an attempt to gain access to an organisation’s most valuable information. These attacks by cyber criminals can be more difficult to recognise and are generally more sophisticated than an average phishing attempt.
2. Vishing or voice phishing
Vishing or voice phishing is a fraudulent attack, which occurs over the phone. A call can be an automated voice or an actual person, who will attempt to gain your trust to divulge personal information or get you to complete an action like downloading an application or making a payment. The caller will most likely attempt to sound official and attempt to gain your trust.
3. Smishing
Smishing is when a cyber criminal sends a text message requesting you to follow instructions, click an attachment or click a link that redirects you to a malicious website. They often pretend to be well-known organisations in the hope that you will follow their instructions.