Last month we covered “Securing Your Office Email Environment” with guidance on enabling security defaults as well as open source tools to assist in review.
Once your office environment is secured and phishing training is established, the next step is to understand social engineering and how it could be used against you and your staff.
Social engineering uses psychological manipulation to trick users into making mistakes or giving away sensitive information. Scammers gather open-source information from Facebook, LinkedIn and even the company website to learn how a company operates and what roles individuals hold, which makes a later pretext or targeted email far more convincing.
The following are common social engineering tactics:
- Pretexting – inventing a believable scenario to lure the intended victim, built on some real knowledge about the victim (their role, a vendor they deal with, a project they are working on)
- Spear phishing – a phishing email crafted for and aimed at one specific individual rather than sent in bulk
- Baiting – dangling something in front of the victim that is very hard for that person to pass up, such as a free download or a "found" USB drive
- Scareware – false alarms and fictitious threats, such as a pop-up claiming the machine is infected, that pressure the victim into installing software or calling a fake support line
Train your employees to treat two things with suspicion: urgent requests, and offers that are too good to be true. Agree with the customers and partners you do business with on a way to verify that a transaction is legitimate, and use it any time there is a major change to the way that business is conducted, such as new bank details or a new point of contact; verify through a channel you already have on file (for example, a phone number from your records, not one supplied in the email). Keep your antivirus/antimalware updated and routinely patch systems.
For further reading:
Iranian hackers impersonate journalists in social engineering campaign
Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm