If you’ve ever received a suspicious-looking email, you’ve been exposed to social engineering. It’s a term coined to describe the techniques cybercriminals use to manipulate people into sharing confidential information. And they get pretty crafty about it in an effort to get you to share passwords, bank information, or access to your computer. Of course, cybercriminals can also ask you to click on a link or download a file, thus installing malware and breaking into your computer system. But it’s much easier if you give up valuable information on your own, so social engineering is their preferred method of theft.
Examples of social engineering
Cybercriminals attempt to take advantage of your trust, your curiosity and your relationships. Social engineering techniques include any of the following:
- An email from a friend or colleague. If they’ve gotten control of someone’s email list, a cybercriminal can email any of the contacts—resulting in people receiving a malicious email that appears to come from someone they know. This could also be through a social media account in the form of a message or post.
- An email from a trusted source. Criminals may also pose as a company you already work with and trust. They reach out under a specific guise, such as:
  - Asking for your urgent help.
  - Asking you to donate to a fundraiser or cause.
  - Presenting a problem that requires you to “verify” information.
  - Notifying you that you’ve “won” something.
- A response to a question you never asked.
What risks are involved?
Clicking on a link or downloading a file can transfer malicious software to your computer. Criminals then use this to take control of your computer and learn all your passwords. And if an email is a simple request for information (such as the need to “verify” information due to an “issue”), responding to it makes it that much easier for hackers to get into your accounts. Once they are in, hackers can reach financial information, confidential client information, trade secrets and any other valuable data stored in your computer system.
What can you do?
Cybercriminals rely on your instinct to act first and think later, so simply slowing down before you react is key. Beware of any suspicious emails you receive, and delete them. If you have opened the email, beware of any downloads. Rather than clicking a link, use a search engine to go to the website yourself. Research the facts by contacting the company on your own if you’ve been asked to verify the information.
Work with your IT department to install firewalls and, if you have employees working remotely, establish a virtual private network, or VPN. Maintain all malware protection on your systems and require passwords to be updated regularly.
Get support for your cyber security needs
Don’t let your company be a victim of cyberattacks. Odell Studner is a risk management expert and we’ll work with you to understand and manage your risk. To learn more, contact us today!