Cyber criminals use “social engineering” to steal data and money and otherwise wreak digital havoc. The engineering is “social” because the bad guys mimic people or institutions we trust. They also hook us by playing on human emotions and foibles—fear, greed, generosity or plain old curiosity. As a result, fraudulent emails, pop-ups or other kinds of messages look real. So we trust, we click, we open. Then they hack, they infect, they steal. Social engineering techniques are constantly evolving, but here are some examples:
- Phishing. The FBI Internet Crime Report for 2022 says phishing is by far the most common form of social engineering. A phishing email or text might look like it comes from a bank, a utility, a government agency or some other legitimate organization, but a click leads to a fake website that harvests personal information.
- Spear phishing. Not to be confused with All Net Connect’s lovely hometown (Spearfish, SD), this technique is a sophisticated form of phishing that targets specific individuals or organizations.
- Pretexting. Scammers use a story or pretext to gain our trust. They might pretend to be a friendly help desk guy or a police officer. (Fake messages have even claimed to be from the FBI.)
- Quid pro quo scams. Cyber criminals offer gifts, discounts or other bogus benefits, in exchange for personal information. If it sounds too good to be true…
- Scareware. This is a type of malware (malicious software) that uses social engineering to warn that your computer is infected. Then it advises you to download an attachment to remove the threat. What follows is not good.
Cybersecurity awareness bullet list
As individuals, we can defend against social engineering attacks by taking some simple steps:
- Pause and be skeptical. Make this your default behavior. Take a breath and evaluate electronic messages. Does an email have an unusual address? Is that text from a number you don’t recognize? Does something just smell “phishy”? It probably is.
- Don’t share information. This is another good default behavior. Take time to be certain that the website you are looking at is one you trust before you share personal data. Use the same caution for text messages, pop-ups and phone calls. Never share passwords.
- Use complex passwords. Change them regularly, too, and don’t use the same password for multiple accounts.
- Use two-factor authentication. AKA “2FA,” this electronic authentication process requires users to present two forms of identification to log in to networks, websites, applications or other electronic environments. (For example, after you log in with user name and password, a prompt might direct you to enter a code sent as a text message.)
- Update software. Security patches can help keep your data and money safe.
- Learn the Red Flags. Here’s a primer from KnowBe4, a world leader in cyber security training. Social engineering scams are constantly changing, but knowing the basics can help.
Even better than a bullet list
Creating a culture of cyber safety is one of the most effective, convenient and affordable ways to defend against social engineering. That means combining education and training with regular, ongoing reminders and practice. All Net Connect can help. We’ve partnered with the world’s largest cybersecurity training company, KnowBe4, to deliver world class cybersecurity awareness training.