social engineering
social engineering

As long as humans are involved in a company, its security will remain as foolproof as their behaviour. Itق€™s rightly said that there is no patch for human stupidity. All the members of an organisation have some kind of access to information that is valuable enough to facilitate an attack. But simply due to lack of diligence and awareness, people end up doing more harm than good to their companies.
Social engineering is a process, or rather a skill used by attackers to deceive people and make them give away confidential information. If you are a part of a company or you run a company yourself, keep on reading to know what could put you at risk of data breach.

1. Impersonating: How much should you believe people?

Attackers use this social engineering technique to extract important data by pretending to be someone else. They usually target employees who are unlikely to question authorities or who are not careful enough to cross check peopleق€™s identity, especially in time of an emergency. They could be receptionists, low level employees, or even general helpers who have keys to important rooms.

impersonating
Clue
Example
Tip for employers
Tip for employees
Pro tip
Clue Attackers will create urgency to try avoiding proving their identity.
Example Someone calling as the manager/IT consultant in urgent need for a password.
Tip for employers Set an identity confirming protocol among the entire staff including top management.
Tip for employees Ask the person in question to follow the protocol, no matter who they say they are or how urgent the situation is.
Pro tip When it comes to outsiders, like technicians who need credentials for fixing a problem, give them a code beforehand which they can provide when asked for verification.

2. Phishing: How much you should believe the internet?

The trust we put on the internet sometimes puts us at a disadvantage. Through emails, messages or popups, attackers may lead us to fake or malicious webpages where we are prompted to enter critical data. The messages are either excessively tempting or reeking of urgency so that the viewer is tricked into taking quick action without verifying the source. Individuals and organisations could easily fall prey to giving away their confidential information like bank passwords via phishing.

phishing email content
Clue
Example
Tip
Pro tip
Clue Sense of urgency in the message.
Leads you to another web page.
Example An email stating itق€™s from the bank and requires you to click on a link and login to your bank account.
Tip If you find it even slightly suspicious, refrain from clicking on the link and cross check with the actual institution first.آ
Pro tip Look out for other kinds of phishing via: SMS (Smishing), VoIP (Vishing), or Instant Messenger (Spimming).

3. Fake apps: How much you should trust apps?

Everyday we download a number of applications on our devices to make our lives a little bit easier which is why mobile applications are a fertile ground for dispensing harmful attacks. Hackers use this social engineering technique to create fake or malicious apps that could compromise your device. They even alter legit apps into their own malicious versions and upload them for users to download.

fake whatsapp on playstore
Clue
Example
Pro tipآ
Clue There is a trigger (in the form of message or popup) to download the app.
Example A message asking you to download a specific bank security app.
Pro tip Cross check the developer before downloading any app. Go online and read reviews about the app/developer.

4. Other human based ways: How aware are you of your environment?

The rest of the highly common techniques used by attackers to steal data are:

Eavesdropping

Eavesdropping

An unauthorized personnel listening closely to conversations.

Dumpster diving

Dumpster diving

Searching trash bins for valuable data.

Shoulder surfing

Shoulder surfing

Looking over someoneق€™s shoulder to catch passwords or information.

Tailgating

Tailgating

Entering an area by closely following an authorized person through the door.

Individuals/employees tend to ignore such behaviour easily and end up putting their or their companyق€™s security at stake.

Clue
Example
Pro tipآ
Clue Someone following or lurking. An unusual device in your surroundings.
Example An unclaimed mobile phone lying in a meeting with its voice recorder on.
Pro tip Use a shredder to dispose work documents.آ
Keep distance from unknown people while entering a restricted area.

If only everybody was conditioned to be more aware of such behaviours, these data stealing incidents would be substantially reduced. As an employer, educating and training the employees is the best way to mitigate cyber attacks. Do you have any ideas on how to protect your data? Say it in a comment below! And if this helped you, share it with others and spread the awareness!

Read more. Know more. Grow more.

Learn cybersecurity inside out

0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

آ�2020 Tech Brewery . All Rights Reserved. Website By Amagraphs .

Log in with your credentials

or

Forgot your details?

Create Account