When talking about hacking, most people picture someone hunched over a computer as lines and lines of Matrix-esque code scrolls across the screen. However, when speaking about hacking attacks in regards to Social Engineering this couldn't be further from the truth.
When employing Social engineering the attacker uses human interaction and social skills to obtain or compromise information about a company. These attacks typically take the form of emails, websites, phone calls, or sometimes may even be carried out in person. They are typically after data such as usernames and password, credit card or account information, and much more.
What can you do to prevent these attacks?
The best thing you can do to prevent these types of attacks is to make sure you and your employees are educated and aware.
Never give out:
- Usernames and password
- ID or PIN numbers
- Server or Workstation names
- Credit card numbers
- Data considered to be sensitive or confidential
Be suspicious of unsolicited phone calls, visits, or emails from individuals asking about other employees or personal information. If an unknown source claiming to be from a well-known or legitimate organization contacts you always try to verify their identity with the company before offering any info.
Also be aware of what URL you are accessing or the email address a message is coming from. Misspelling in domain names and email addresses is a common way attacker's trick people into thinking they are from a legitimate company. When in doubt of any communications ask the person to hold or tell them you will reach back out to them once you can verify their request is legitimate. If they pressure you to comply do not give in and ask them to verify their info and the need for the information.
What to do if you think you've become a victim:
If you think you have become a victim of social engineering you must contact your network administrator as soon as possible. This is necessary in order to make sure someone is keeping their eyes open for any type of foul play. If you have financial information that's has been jeopardized you must contact your account representative right away to see if you notice any fraudulent activity. If you think any of your log on credentials or passwords have been compromised, change them right away. The last thing you could do if you have been a victim of social engineering would be to contacting the police, and generate a report with the Federal Trade Commission.