Stay Safe from Social Engineering
A technique used by cybercriminals to compromise users
Social engineering is something that is often used by attackers to gain access to an account or Network. In order to properly defend yourself against social engineering attacks, it is important to understand what social engineering is and how attackers utilize it to compromise users.
If you’ve seen Ferris Bueller’s Day Off, you’ve actually seen social engineering in action and may not have realized it. When Cameron calls Mr. Rooney, impersonating Sloane’s father, this is actually a simple example of social engineering. Cameron pretended to be Sloane’s father with the end game of getting Sloane excused from school. As comical as it is, this demonstrates how easy social engineering can be.
Social engineering can be defined as tricking someone into either doing something or giving up information. Some classic examples of social engineering include: someone calling and pretending to be the IT department in order to get a password for an account, pretending to be the IRS in order to get your social security number, or someone dressed as a technician from an ISP (e.g. Comcast) and saying they need access to your home or business in order to fix a problem. These are all examples of social engineering that have been done by malicious attackers in the past with the end game of either getting information or gaining access to a location.
Here are a few tips that you can follow to help protect against various social engineering attacks.
- Always confirm identities. If an unexpected vendor stops by (e.g. Comcast) but you weren’t expecting them, call the vendor to confirm the person is who they say they are.
- Be cautious about e-mails/calls that ask for passwords and use urgency as the reasoning (e.g. I need your password because of ‘insert urgent reason’)
- Be cautious about any e-mails/calls that say you’ve won something, but require you to take action (e.g. you’ve won this special vacation, we just need your credit card to confirm your tickets)
These are a just a few things that you can do to protect yourself against various social engineering attacks.
Contact us at Rubica if you have any questions about other ways to combat social engineering or any other cyber security matters.
