Could You Spot a Social Engineering Attack?
As invaluable as the security solutions that protect a network are, they can be effectively rendered useless if a cybercriminal is skilled in social engineering. Social engineering is the practice of using manipulation to access protected resources, as we will review later. If your business and its team are vulnerable to a social engineering attempt, you are missing a critical piece of your data security strategy.
What Makes Social Engineering Effective?
Social engineering is the equivalent of pointing to an imaginary spot on someone’s shirt, only to flick their nose when they look down -- by posing as someone trustworthy, a cybercriminal is given the opportunity to do as they will with a business’ data. These attacks have two factors going in their favor.
First, a social engineering attack isn’t the kind of attack that the average user is on the lookout for. They will have instead heard about botnets and ransomware and other big, external threats, and so won’t think to question what seems to be a legitimate-looking message.
Secondly, there is plenty of data readily available on the Internet to help build a convincing social engineering attack. This data is referred to as open-source intelligence.
Open-source intelligence can come from a vast array of data sources, which only assists an aspiring social engineer. Through some digging on the Internet, a social engineer can find plenty of information that better informs their attack.
What the Internet Can Provide
With the right research, a social engineer can compile an unnervingly comprehensive profile of a business, its employees, its operations, and more. Some very brief and incomplete examples are as follows:
Information about the kind of technology a business leverages is surprisingly common online. Job postings, for example, often identify the hardware and operating system a company uses to ensure that an applicant has a familiarity with the systems they would be working with. The trouble is, this also helps a criminal by identifying which exploits will be effective against a company. Furthermore, if a company isn’t careful, their social media images could provide a cybercriminal with information about their networking hardware.
It is also common for people to overshare on social media, which can easily lead to company information being shared as well. This includes, in addition to the access of information many allow to be publicly available via social media, images from within the workplace. Such images often reveal the kind of computer used by employees, as well as the contents of their screens and any information displayed on them.
Additionally, many people will discuss their work schedule on social media, as well as provide a detailed account of their professional experience, giving a social engineer more data to work with.
Vendors and Other Companies
External services that provide for a company can help a social engineer gain access to that company, especially if the service provider uses them as evidence of value on their website. Janitorial services and trash pickup services are especially valuable, as data could potentially be stolen after it leaves a business’ premises.
In short, while protecting your data with firewalls, authentication requirements, and other digital measures is crucial, it is just as crucial to also ensure that your employees are aware of the dangers that social engineering can bring. Establishing processes to help thwart social engineering attempts is something that every company should do, as it will help to protect them from these attacks.
For help in planning these processes, reach out to White Mountain IT Services at 603-889-0800.
- Would You Fall for this Adult Scam if You Saw an Old Passwor... As you may expect, the average Internet scammer isn’t above resorting to dirty tricks to claim their ill-gotten prize from their victims. A recent scam demonstrates just how dirty these tricks can truly be, and unfortunately, how ill-prepared many are to handle them. To preface this scam, we need...
- 4 Internal Threats Every Business Owner Should Understand In light of all the data leaks and vulnerabilities that have been brought to light over the past few years, network security has to be a priority for every business. One problem many organizations have is that while they are protecting their network and infrastructure from threats outside their comp...
- Getting to Know Technology: Hackers It doesn’t matter how much of a technology novice someone is, chances are, they’ve heard the term “hacker” before. A favorite character trope of Hollywood films and television dramas, these cybercriminals have appeared in productions like Die Hard and Mr. Robot with varying degrees of accuracy. Belo...
- Backup and Recovery of Collaborative Environments As the cloud is being utilized by more individuals and organizations to meet their computing needs, more very important data is hosted outside of local computer networks. As a result, people utilize cloud storage for their backup and recovery strategies. In fact, it has become the primary use of clo...
- Tip of the Week: How to Spot a Scam What would you do if you sat down at your desk one morning, coffee still kicking in, to discover a pop-up message on your computer announcing that Microsoft has detected a fatal issue with your workstation, and if they aren’t allowed to remote in and fix it, the entire network could be at risk? Woul...
- Is It Safe to Have Your Browser Remember Your Passwords? Let’s be honest - not all of us have the best memories. This makes the ability for many browsers to remember our passwords seem like a godsend. However, is this capability actually a good thing for your cybersecurity? The answer may not surprise you. Nope! While yes, the fact that we no longer ha...