It’s no secret that there are some unscrupulous operators taking advantage of the Internet. It is, after all, why anti-malware programs exist and why we have passwords that should be kept to ourselves. But the steady evolution of social engineering has made proper online protection a must.
The Internet can be a gold mine for hackers who can gain access to personal accounts – from email to financial. According to Symantec’s 2014 Internet Security Threat Report, there was a 62% increase in the number of security breaches in 2013 compared with 2012, with over 552 million identities breached in total.
Although the figures for 2014 are not yet compiled, the most talked-about incident of social engineering was easily the Sony Data Breach. This saw the information of tens of thousands of Sony employees – including famous Hollywood actors – released to the public.
What Is Social Engineering?
In simple terms, social engineering is comparable to what a con-man does. It’s not straightforward stealing. Instead, it’s a blend of technology and psychology used to compel someone to share their security information.
Surprisingly, social engineering can be done offline as well as online. The 4 most popular types of online scams are:
- Pretexting – This is where a false scenario (pretext) is created to legitimise the scammer’s claim. This claim convinces an individual or business to divulge sensitive information. Online, you may get an email from an individual.
- Phishing – Involves an email message from a seemingly legitimate business or organisation. This email message will ask you to open an attachment containing vital information or to verify your details by clicking on a link, which contains malware. There are several types of phishing to be aware of. Spear-phishing is one in particular.
- Spear-Phishing – This is much the same as phishing, but these attacks are person- or company-specific. Personal information is used in the email, making it seem more genuine. It’s one of the most successful types of attacks.
- Baiting – This is a USB or disc containing malware which is left in an obvious place (e.g. an internet café) by a scammer who is confident someone will use it out of curiosity. The infected file is carefully titled to tempt the victim.
Beating a Social Engineering Attack
There are several steps you can take to protect yourself from online scams. But, as is often the case, a lot comes down to simple common sense. Below are some important suggestions to take into account.
- Never Give Out Confidential Information – Never accommodate information requests from complete strangers. It’s like giving your credit card details to a stranger on the street.
- Set Serious Security Questions – Security questions are supposed to provide an extra wall of protection, so make your questions hard to crack. Pick the ones with easy-to-remember answers, but something more obscure than your pet’s name.
- Never Trust Reset Emails – One of the oldest tricks is to send an official-looking email from a company asking you to reset your account password. If you get one, immediately contact the customer support desk at the company in question, but absolutely DO NOT click the link!
- Check Your Account Activity Regularly – Keeping an eye on your account activity on a regular basis is necessary to check that no unauthorised dealings have been going on in your account.
- Always Diversify – It’s tempting to have one password for all your accounts. But, if someone manages to crack your password, then they can get everywhere. So diversify! Set a new password for each of your different accounts.
Greater Security with NSI
All of the advice above can help increase your personal and company online security. But, as part of our counter-Social Engineering service, we gather data on staff responses to external emails and calls to assess the level of staff security awareness. As a result, the effectiveness of the current security protocol can be gauged.
Our reputation as one of Australia’s leading technical surveillance counter-measures firms has been earned after helping some of the country’s most sensitive government branches and independent corporations to improve their security levels.
For more details on the NSI Social Engineering Service, check out our website or contact us directly by email or phone.