What is Social Engineering?

Social engineering is a technique hackers use to obtain personal data by manipulating people rather than by breaking technical controls. It works either by the hacker contacting you directly and conning you into handing over your details, or by persuading you to open a link or attachment that installs malware onto your device. If you have ever received an email asking for personal information, or telling you that your account is at risk unless you provide your login details, or tried to open something that triggered a warning from your anti-virus software, then you have encountered social engineering.

The Strains of Social Engineering:

Hackers use different social engineering techniques depending on their own knowledge and skills. It doesn’t tend to be the most technically challenging form of cybercrime, and it is for exactly this reason that it is one of the fastest-growing types of crime hackers commit: the tools and information needed are easy to obtain, so an attack can yield a big prize with limited effort.

Baiting

Baiting hides malware inside something that looks desirable or harmless, so you don’t know it’s there until you have already opened or installed it on your device. It can be physical, for example an infected USB stick left lying around that, once plugged in, exposes the device to malware. Most commonly, though, it arrives electronically: you are sent a link or download that appears harmless but creates an entry point for malware as soon as you click on it, showing how quickly problems can arise from the most unexpected places.

Phishing

Phishing is when you are targeted with a fraudulent message by a hacker pretending to be a legitimate source. Their aim is either to get you to hand over personal information directly or to get you to click a malicious link that installs malware. In both cases the attack relies on a direct appeal to the recipient, which is what makes phishing the most personal type of attack.

Hackers are getting better at it too. By borrowing professional marketing techniques, they can produce an incredibly legitimate-looking email, and recipients do as it says because they never question the source. This growing sophistication in the preparation of phishing is why, by some estimates, hackers succeed as much as 50% of the time, which shows how many people are falling victim through an avoidable case of human error.

Attackers pose as legitimate sources, such as well-known high-street names, to gain the recipient’s trust. The message may be sent to a group of people, for example customers of a certain bank, or to one specific person using a highly tailored message; the latter is known as spear phishing.

Pretexting

This technique became a much more mainstream topic when Barclays produced a number of adverts on the dangers of cybercrime in 2017, one of which was a perfect example of pretexting. Pretexting is when someone invents a plausible story (the pretext) to obtain privileged information, typically over the phone. In the advert, a professionally dressed “bank worker” asks a customer for their security PIN over the phone; by handing it over, the customer gives the hackers access to their accounts, and from there they have the power to cause significant financial damage. It doesn’t take many pieces of information for criminals to access your accounts and take everything, and a genuine bank will never ask you for your full PIN or password over the phone.

Scareware

Scareware presents itself as a ‘knight in shining armour’ and in doing so infects your device. A typical example is a pop-up advertising a ‘fix’ for a supposed virus on your device. Agreeing to the fix installs the malware. The technique scares you into thinking you’re in trouble and pushes you into a panicked decision, so you actively download the malware rather than avoiding it.

Social Engineering Trends

As the internet develops and we become more and more dependent on it, the number of vulnerabilities increases too. This has driven hackers to grow in skill and sophistication in order to keep finding new ways to catch people out.

No matter the size of the company, hackers will try to make a profit from it. This was demonstrated, ironically, by the security company RSA in 2011. The attack started with two phishing emails sent to a small number of employees, titled ‘Recruitment Plan’ and carrying an Excel spreadsheet attachment supposedly containing further details of the plan. What the spreadsheet really contained was malware that, once opened, gave the attackers a foothold inside the company’s network, from which they moved further into its systems and stole data. The result was a $66 million (£49m) cost, alongside a damaging knock to their reputation.

This case shows how quickly a danger can spread through a company because of human error by employees. By failing to educate and train them on the threats of cybercrime, you create nothing but a weak line of defence and leave your organisation at risk.

Steps to Protect Yourself from Social Engineering

Cyber security training raises the level of understanding within a business and results in a workforce with consistent attitudes towards the topic. At the end of the day, employees are the ones on the lookout for suspicious activity, so training in the use of email, social media, passwords and anti-virus software prepares them to detect and respond to problems effectively. Social engineering is the human interaction and tailoring that comes with cyber attacks, so dealing with it effectively requires a prepared workforce. Security software only benefits an organisation when it is in the hands of people with the right skills.

As a support to human training, email gateways add a further layer of security by controlling and monitoring what gets in and out of your networks. A gateway checks each message for signs of phishing, such as a forged or impersonated sender, a reply-to address at a different domain from the sender, or a link whose visible text points to one site while the underlying address points to another, and can block or quarantine the majority of harmful messages before they get anywhere near the inbox. This reduces the number of attacks employees have to spot themselves, and with it the risk of financial and reputational damage.
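To make the gateway checks concrete, here is an added example (not code from the original page or from any gateway product) that runs a handful of phishing signals over two constructed raw emails: a lookalike-bank phish with a mismatched Reply-To and a deceptive link, and a harmless internal notice. The protected brand list, the urgency wording, the sample addresses and the quarantine thresholds are all assumptions chosen for the illustration.

```python
"""Minimal phishing-signal checker of the kind an email gateway applies.

Added example; the brand list, domains, sample messages and thresholds
are constructed assumptions, not data from any real organisation.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Brands the organisation wants protected against impersonation, mapped to
# the only domain that may legitimately use that name (assumption).
PROTECTED_BRANDS = {"examplebank": "examplebank.example"}

# Pressure phrases typical of phishing lures (assumed word list).
URGENCY = re.compile(
    r"\b(urgent|immediately|suspended|verify your account|within 24 hours)\b", re.I
)


def registrable_domain(addr):
    """Lower-cased domain part of a header address, or '' if none."""
    _, email = parseaddr(addr or "")
    return email.rsplit("@", 1)[-1].lower() if "@" in email else ""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Host portion of an http(s) URL, '' for non-URL text."""
    m = re.match(r"https?://([^/:?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def phishing_signals(raw):
    """Return the list of phishing indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    signals = []

    # 1. Reply-To pointing at a different domain from the visible sender.
    from_dom = registrable_domain(msg.get("From"))
    reply_dom = registrable_domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        signals.append("reply-to-mismatch")

    # 2. Display name carries a protected brand but the domain is not the brand's.
    display = parseaddr(msg.get("From", ""))[0].lower().replace(" ", "")
    for brand, legit_domain in PROTECTED_BRANDS.items():
        if brand in display and from_dom != legit_domain:
            signals.append("brand-impersonation")

    # 3. Urgency or threat language in the body.
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    if URGENCY.search(body):
        signals.append("urgency-language")

    # 4. Link whose visible text names one host while the href goes elsewhere.
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        if host_of(text) and host_of(href) and host_of(text) != host_of(href):
            signals.append("link-text-mismatch")
            break
    return signals


def gateway_action(signals):
    """Map signals to a delivery decision (thresholds are an assumption)."""
    if "brand-impersonation" in signals or len(signals) >= 2:
        return "quarantine"
    return "tag-subject" if signals else "deliver"


# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: "ExampleBank Security" <alerts@examplebank-secure.test>
Reply-To: recovery@mailbox-collect.test
To: victim@corp.test
Subject: Your account is suspended
Content-Type: text/html; charset=utf-8

<p>Your account will be suspended within 24 hours unless you verify your account.</p>
<p><a href="http://examplebank-secure.test/login">https://examplebank.example/login</a></p>
"""

SAMPLE_LEGIT = """\
From: "IT Helpdesk" <helpdesk@corp.test>
To: victim@corp.test
Subject: Office closed on Friday
Content-Type: text/html; charset=utf-8

<p>Reminder: the office is closed this Friday. See <a href="https://intranet.corp.test/calendar">https://intranet.corp.test/calendar</a>.</p>
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        found = phishing_signals(raw)
        print(name, found, "->", gateway_action(found))
```

Each check on its own is weak (a legitimate newsletter may use a different Reply-To, and an internal memo may say "urgent"), which is why the decision is made on the combination rather than on any single signal; a real gateway would add SPF, DKIM and DMARC results, attachment sandboxing and URL reputation on top of these content heuristics.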

Nothing you download can guarantee 100% protection, but pairing it with strong human competency built through training reduces the chance of hackers getting in significantly.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.


James, VinciWorks CEO
