Social engineering attacks are scams using psychological techniques to trick you or your employees into revealing private information.

Similar to the tricks and tools used in movies such as “Oceans 11” or the television show “Mr. Robot,” these efforts can be elaborate or simple and done remotely. The risk is real and unsuspecting companies are attacked all the time. Social engineering attacks try to give off the impression that they aren’t scams at all.

The end goal of the techniques used, which we will explore more below, are for the scammer or attacker to find out as much information as possible, then use it to hack you or your company, to gain funds or intellectual material. These tricks include getting someone to insert a fake USB meant to hack you, imitating a trusted person, trying to obtain protected information through email, or attempting to have targets download a file.

Enlarge

How to Prevent Social Engineering Attacks in the Workplace

Educate Your Employees

As your employees conduct their workday, many go online into their accounts, whether you realize it or not. Your employees will access search engines, email, or social media accounts. They will post photographs, work-life updates, and detailed information about your company or the people in it.

Whether your CEO is the one who spills the beans about their big trip out of the country, or an employee, alerting hackers about the times when security is lax (ex., “Everyone in the office has left for the week, except me.”), this can be a legitimate risk to any corporation or business.

Educate your employees on what details, if any, are okay to share publicly, and consider a non-disclosure agreement for anything highly private. Check the details that attackers already know about you through Social Catfish and discover which security to beef up!

Unknown USB

When people find USB drives, they tend to plug them into their computer and thus expose their information or that of their company. This isn’t an unproven theory, tests have been done, and the reality is more than anecdotal.

Theoretically, a skilled hacker could get highly sought-after intel, if even one employee inserted a USB they were sent or found. You can read more about the University of Illinois report on this, here: https://experts.illinois.edu/en/publications/users-really-do-plug-in-usb-drives-they-find

To prevent this, education is also essential. Do not insert any USB into your company computer if its origin is unknown, as it could install malware or lead to a hack or system crash. Make sure all tech software is up to date, to help catch and prevent phishing attacks.

Enlarge

Unsolicited Communication

If you have people that you correspond with frequently, add them to your address book. That way, if attackers message from a different email address (which has been altered to showcase a first and last name of someone you trust), you will be more likely to notice the change. Another source of social engineering attacks are emails which seem to be professional (ex., they reference that they’re sending employee database updates or marketing information) but contain downloadable malware or links to phishing sites.

If an email seems to be from a trusted coworker or business contact, but the instructions are suspicious, call the individual directly to inquire on the content of the message. Use the phone number on their website or in your phone, not in the email sent. Also, consider speaking to your technical department or superior.

Enlarge

Password and Entry Off-Limits

Do not give out your password, to anyone. One example of social engineering attacks is your website server calling to alert you of a hack and needing you to verify your company’s website password. The person on the other end of the line may sound professional.

They know what they’re doing and have a lot of practice. Don’t trust any request for a password and, if you have given a password for a system to the wrong person (even a former employee!), change your password and security questions immediately.

As new phishing, vishing, spear phishing, and whaling are daily forms of social engineering attacks, be diligent and read up on the subject often.

Search through Social Catfish to see what information about you or your company is discoverable online and what you can remove.

Related Articles

Spokeo Alternative: How Does Social Catfish Compare?

Posted January 10, 2020 by Jen D.

Frustrated with your information appearing online? Want a Spokeo alternative that doesn't let the wrong people know your private details? The answer is found on Social Catfish, a c… Read More

Spear Phishing: 4 Ways to Block These Type of Attacks

Posted November 1, 2018 by Gloria Todisco

Spear phishing is an attempt to steal sensitive info such as credit card, financial, and banking info from a victim for malicious reasons. The main difference between regular phish… Read More

How to Find Out If Someone is on Social Media

Posted January 4, 2017 by scfadmin

Perhaps you’re wanting to locate a crush, lover, boyfriend or girlfriend, spouse, potential date, or long lost friend online and through social media. Regardless of the circumsta… Read More

[Infographic] Where Do Fake Social Media Accounts Come From?

Posted January 9, 2018 by David McClellan

The Internet has become a world of social media and connections. Whatever your wish or desire, you can find it online and find people who share commonalities with even your most un… Read More