Social Engineering is the act of manipulating someone into taking a specific action for the attacker's benefit.
It's a form of manipulation with the goal of gaining access to or stealing something and often forms part of a phishing campaign.
How Social Engineering Works
Social engineering is designed around our default position to trust: trusting that the person who says they're calling from Microsoft is legitimate, that the email from Australia Post is real, or that a strange website is actually safe.
Cybercriminals design their attacks to look enticing and trustworthy in the hope that you will take the action they want.
Their goals range from stealing credit card details and identity theft, to gaining access to install ransomware or damage your business.
Here are a few common examples of social engineering:
For a phishing attack to be successful, the recipient or victim of a phishing email needs to click a link or open an attachment. The cybercriminal will use social engineering to make the email look enticing or convincing enough for you to take the action they want you to.
A seemingly helpful call may come from someone claiming to be IT support from a reputable company, asking for your password so they can update your software, or asking for your updated credit card details. Sadly, we often see this style of social engineering targeting the older members of our population.
Baiting is the act of placing something enticing somewhere on the internet in the hope that you will click, provide your credit card details, or download it. Once it is downloaded, you could be giving the cybercriminal access to your computer, or once you have paid, you may find that you never receive the items but do receive some odd charges on your credit card that you don't recognise.
How to Prevent Social Engineering
While you can't stop cybercriminals from trying, you can implement protective technology measures, and educate your business on how to identify a scam. Here are a few ways you can get started:
1. Read the Australian Government's Little Black Book of Scams.
2. Check that you have a good antivirus installed.
3. Ask your IT support team if you have email filtering with phishing protection.
4. If you ever feel unsure about an email, website or phone call, check in with your IT support team and ask them to validate it.
How Powernet Can Help
We provide cybersecurity solutions that support many different business models. We understand that every business has different technical, regulatory and industry-specific vulnerabilities and tailor cybersecurity technology to suit your specific requirements.
Our cybersecurity teams across Melbourne, Sydney and Brisbane can help you assess whether you have the right measures in place and what else you can do to stay safe online. Get in touch to learn more.