Five Ways to Prevent Social Engineering Attacks
Social engineering is a growing field and with your users at your last line of defence, security teams ought to be mindful of each user’s activity to interfere if needed. However, as an end user, you have a responsibility yourself to monitor your own activities. Here are some tips and tricks to start.
Some Quick Tips to Remember:
Think before you click. Attackers employ a sense of urgency to make you act first and think later in phishing attacks. When you get a highly urgent, high-pressure message, be sure to take a moment to check if the source is credible first. The best way is to utilise another method of communication different from where the message is from - like texting the person to see if they emailed you an urgent message or that was from an attacker. Better be safe than sorry!
Research the sources. Always be careful of any unsolicited messages. Check the domain links to see if they are real, and the person sending you the email if they are actual members of the organisation. Usually, a typo/spelling error is a dead giveaway. Utilise a search engine, go to the company’s website, check their phone directory. These are all simple and easy ways to avoid getting spoofed. Hovering your cursor on a link before you actually click on it will reveal the link at the bottom, and is another way to make sure you are being redirected to the correct company’s website.
Email spoofing is ubiquitous. Hackers, spammers, and social engineers are out to get your information, and they are taking over control of people’s accounts. Once they gain access, they will prey on your contacts. Even when the sender appears to be someone you are familiar with, it is still best practice to check with them if you aren’t expecting any email links or files from them.
Don’t download files you don’t know. If you (a) don’t know the sender, (b) don’t expect anything from the sender and (c) don’t know if you should view the file they just send you with “URGENT” on the email headline, it’s safe not to open the message at all. You eliminate your risk to be an insider threat by doing so.
Offers and prizes are fake. I can’t believe I’m still saying this in the big year of 2020, but if you receive an email from a Nigerian prince promising a large sum of money, chances are it’s a scam.
Five Ways to Protect Yourself:
1. Delete any request for personal information or passwords. Nobody should be contacting you for your personal information via email unsolicited. If you get asked for it, it’s a scam.
2. Reject requests for help or offers of help. Social engineers can and will either request your help with information or offer to help you (i.e posing as tech support). If you did not request any assistance from the sender, consider any requests or offers a scam. Do your own research about the sender before committing to sending them anything.
3. Set your spam filters to high. Your email software has spam filters. Check your settings, and set them to high to avoid risky messages flooding into your inbox. Just remember to check them periodically as it is possible legitimate messages could be trapped there from time to time.
4. Secure your devices. Install, maintain and update regularly your anti-virus software, firewalls, and email filters. Set your automatic updates on if you can, and only access secured websites. Consider VPN.
5. Always be mindful of risks. Double check, triple check any request you get for the correct information. Look out for cybersecurity news to take swift actions if you are affected by a recent breach. I recommend subscribing to our newsletter to keep you up to date with the latest in Information Security and other topics - www.isosystems.org.uk/subscribe
ISO 27001 - www.isosystems.org.uk/27001
If you wish to discuss your information security requirements, you can contact our ISMS Lead Implementer Scott Naisbett - https://www.isosystems.org.uk/contact