Social Engineering
“Social Engineering” is any method of theft that manipulates human nature in order to gain access to your online financial accounts. No business is immune to the risks of Social Engineering attacks, and thieves will go to great lengths to lower your guard. Here are a few ways you can protect yourself from thieves using Social Engineering techniques:
- Don't allow unfamiliar visitors into any area with network access. Thieves often pose as vendors, service providers or even firefighters conducting an inspection, in order to gain physical access to your network. It only takes a few seconds for them to plug in a thumb drive that installs keystroke logging software. Legitimate technicians or officers will have I.D. beyond a logo shirt or uniform to back up their claim, and should be verified independently.
- Be cautious about letting visitors use a workstation or plug into your network. A request to “check my email” or “download that sales brochure” might seem innocent enough. But, this is a favorite tactic of Social Engineers to gain access to your network and leave monitoring software or hardware behind.
- Control access to your facility. Whatever type of business you are in, there should be barriers between public and private back office areas. Doors leading into back offices from public areas should be locked. Doors to outdoor smoking areas should be locked. Visitors to back office areas should always be accompanied by a trusted employee.
- Don't assume that an unsolicited phone call or email is actually from a trusted source. Thieves can research your business relationships or donations, then pose as a vendor or charity you trust. They can even pose as another company employee needing help. Again, verify before providing any confidential information.
- Remember, unexpected email attachments should be treated with great caution. Common and popular files like PDFs, JPGs and spreadsheets can provide a platform for installing viruses or keystroke-logging malware on your computer. If you aren't certain the file came from a legitimate business, charity or person, don't open it without verifying. Call them and ask if they sent an email with an attachment.
- Verify, verify, verify. If you receive a phone call or email claiming there is a problem with a bank account, credit card account or any other network or finance related account, hang up the phone or delete the email and check those accounts directly through normal access channels.
The best way to avoid Social Engineering schemes is to be cautious about any unknown visitor, and any request for money, passwords, account numbers or other confidential information – no matter where it seems to be coming from.