You know about all the technical security issues – shadow IT, phishing, ransomware, etc., but it’s time to look up from your screen and question the person talking to you. One of the increasingly popular “hacking” techniques used by criminals does not include hacking a computer; instead, it is about hacking human psychology in order to gain access to secure information.
What is social engineering?
Social engineering is a con or a scam used to gain access to buildings, systems or data. It is a way to go around all your technical safeguards by conning someone into letting the attacker into the office without a keycard or giving them a password to your network.
Why is social engineering gaining popularity?
Social engineering is nothing new. At last year’s Secure360 Conference, Frank Abagnale, of “Catch Me If You Can” fame, shared stories from past and present illustrating that, while he was a highly successful social engineer in the 60s, technology has made cons significantly easier. Social media has turned people into information sharing machines, so finding out the answer to someone’s bank security questions can be as easy as searching their Facebook page – much easier than hacking a bank. This increased simplicity has led to the not-so-tech-savvy being able to capitalize on digital data.
While this simplicity has made stealing data easier for everyone, traditional hackers use social engineering, too. It allows hackers to enter a system without tripping any alarms; they can now be lurking in your network without ever setting off red flags.
How to protect against social engineering
Tripwire has an article on 5 social engineering attacks to watch out for. However, it’s also important to remember that con artists are always creating new scams. Here are a few general things you can do to prepare yourself to spot any social engineering scam:
- Stop posting confidential information on social media. Seriously, how well do you know the people following you? Between what you have in your profile, write in your status updates and share from Facebook quizzes, con artists know more than enough to answer your security questions.
- One way to avoid social media undermining your security questions is to use fake answers. Just remember your fake answers and put them into your password manager if you might forget.
- Call about password reset emails. If you are getting password reset emails you didn’t request, call the tech support number. Sometimes hackers are trying different ways to get into your account and just hoping you will ignore those emails. Many places will freeze your account for you.
- Watch your accounts. You can’t catch every attempt, so watch your accounts in case someone got into them. Check your email, social media and financial accounts frequently to ensure only you are logged in and using them.
No matter what we do, we won’t be able to prevent the “human factor” from being a security risk, but we can decrease the risk. Share this information with your employees, family or friends. Awareness is vital in preventing social engineering.