BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

What Is Social Engineering? (Insights/Information)

Social Engineering: A Threat to Your Cybersecurity

Social engineering is the use of psychological manipulation to gather confidential information. Criminals are always looking to exploit you for valuable data: personal logins, bank accounts, and even remote access to your computer. Whenever you log on, they could be trying to steal your information through malware-filled links or fraudulent websites.

Social Engineering

Why a Great IT Department Is Not Enough

You interact with certain, trusted companies on a daily basis. You may glance at an email from your office supplier, click their link, and log in to confirm this week’s order for manila folders, only to find that it was a fraudulent website stealing your password.

The growing sophistication of cybersecurity has made it very difficult to breach your software from the outside. With a dependable firewall and anti-malware suite, your computer is rock-solid. But that is only the first half of the equation. You are the second half.

Criminals know that manipulating your trust is easier than hacking their way past your IT department, so you play an important role in maintaining your business’s safety.

What Can I Do?

The best solution is to always double-check anything asking for your confidential information. If you’re clicking a hyperlink, make sure you know exactly where it’s directing you before you click it; if you’re logging into a website, make sure it’s secure and verified. All it takes is for one user to log in to a fraudulent website for a criminal to have the key that lets them walk right past all of your IT department’s efforts.

However, sometimes it’s hard to follow-up with this due diligence when we’re busy. That is why it’s important to recognize the telltale signs of social engineering at-a-glance, especially in the one communication you take part in every day.

Double-Check Your Emails

Fraudulent (or “phishing”) emails are responsible for the majority of cybersecurity breaches, some of which have targeted truly massive companies—from international banks to social media conglomerates.

Always be on the lookout for the key components of a phishing email:

“From:” Address

  • The sender is an unrecognized person that is not affiliated with your business.
  • Names of trusted senders are included in an otherwise unusual address (ex. “staplescustomersupport134789@gmail.com”).

“To:” Address

  • The email is addressed to an unusual group of recipients (ex. People in unrelated departments or even every employee).
  • The email is addressed to recipients uninvolved with the supposed subject of the message.

Date

  • The email is sent outside of business hours or at an irregular time.

Subject

  • The subject line consists of random characters or completely unrelated information.
  • The subject line references you despite you not recognizing the sender.

Links and Attachments

  • The email includes unusual hyperlinks or attachments, especially when placed in odd locations throughout the email.
  • The email includes hyperlinks that have titles unrelated to their locations (ex. A “Login to your Staples account” link directing you to an unknown website).

Message

  • The email’s message wants you to urgently take an unusual action, such as clicking a link before your account is deleted.
  • The email’s message contains grammar or spelling errors where it normally would not.

Be Patient

All of these examples pressure you into making a bad decision you wouldn’t normally make. That pressure keeps you from acting on your suspicions by keeping you on a fake time crunch.

So take your time to analyze anything unusual. If something seems suspicious, it probably is. Let your IT managed services company know so they can verify whether it’s a real threat or just a false alarm.

Watch out for social engineering and keep your business safe and secure.

More Like This

AA21-209A: Top Routinely Exploited Vulnerabilities

Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).  This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities …

AA21-209A: Top Routinely Exploited Vulnerabilities Read More »

Read More

How New Windows Server 2022 Features Improve Hybrid Integration and Security

How New Windows Server 2022 Features Improve Hybrid Integration and Security Microsoft recently announced the preview of the latest Windows Server. The new release comes with several key features, such as Azure automanage (hotpatching) and virtualization-based security (VBS). Windows Server 2022 allows users to leverage the cloud to maximize uptime and keep virtual machines (VMs) …

How New Windows Server 2022 Features Improve Hybrid Integration and Security Read More »

Read More

AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013

Original release date: July 20, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided in this advisory in 2012 to affected organizations and …

AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013 Read More »

Read More

Uncovering the Complexity and Potential Future Trends of Cyber Threats Faced by the U.S.

Uncovering the Complexity and Potential Future Trends of Cyber Threats Faced by the U.S. America’s critical infrastructure, the Federal government, and commercial institutions are undoubtedly under attack. The sophisticated cyber threats facing the country emanate from various parts of the world. A wide selection of state actors and hacker groups are working tirelessly to paralyze …

Uncovering the Complexity and Potential Future Trends of Cyber Threats Faced by the U.S. Read More »

Read More

AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs

Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics and techniques. The National Security Agency, Cybersecurity …

AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs Read More »

Read More

AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

Original release date: July 19, 2021 Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40’s tactics, techniques, and procedures (TTPs) and …

AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department Read More »

Read More