Five Ways to Prevent Social Engineering Attacks

By Jen Trang Nguyen, MDS

Welcome to our series of blog posts dedicated to Cybersecurity Awareness Month! This month, we will update you with the latest security news, share some tips and tricks as well as a special announcement about our very own Cybersecurity Techxpo on October 23, 2018 here in NYC. Stay tuned!

In our last blog post, we discussed what social engineering is and how crucial it is for businesses to be aware of it.

Social engineering is a growing field, and with your users as your last line of defense, security teams ought to be mindful of each user’s activity so they can intervene if needed. However, as an end user, you have a responsibility to monitor your own activities. Here are some tips and tricks to start.

 

Some Quick Tips to Remember:

  • Think before you click. Attackers employ a sense of urgency to make you act first and think later in phishing attacks. When you get a highly urgent, high-pressure message, be sure to take a moment to check if the source is credible first. The best way is to use a method of communication different from the one the message arrived on - like texting the person to ask whether they emailed you an urgent message or whether it came from an attacker. Better safe than sorry!
  • Research the sources. Always be careful of any unsolicited messages. Check the domains in the links to see if they are real, and check whether the person sending you the email is an actual member of the organization. Usually, a typo/spelling error is a dead giveaway. Utilize a search engine, go to the company’s website, check their phone directory. These are all simple, easy ways to avoid getting spoofed. Hovering your cursor on a link before you actually click on it will reveal the link at the bottom, and is another way to make sure you are being redirected to the correct company’s website.
  • Email spoofing is ubiquitous. Hackers, spammers, and social engineers are out to get your information, and they are taking over control of people’s accounts. Once they gain access, they will prey on your contacts. Even when the sender appears to be someone you are familiar with, it is still best practice to check with them if you aren’t expecting any email links or files from them.

  • Don’t download files you don’t know. If you (a) don’t know the sender, (b) don’t expect anything from the sender and (c) don’t know if you should view the file they just sent you with “URGENT” in the email subject line, it’s safe not to open the message at all. You eliminate your risk of becoming an insider threat by doing so.
  • Offers and prizes are fake. I can’t believe I’m still saying this in the big year of 2018, but if you receive an email from a Nigerian prince promising a large sum of money, chances are it’s a scam.

Five Ways to Protect Yourself:

1. Delete any request for personal information or passwords. Nobody should be sending you unsolicited email asking for your personal information. If you get asked for it, it’s a scam.

2. Reject requests for help or offers of help. Social engineers can and will either request your help with information or offer to help you (e.g., posing as tech support). If you did not request any assistance from the sender, consider any requests or offers a scam. Do your own research about the sender before committing to sending them anything.

3. Set your spam filters to high. Your email software has spam filters. Check your settings, and set them to high to avoid risky messages flooding into your inbox. Just remember to check them periodically as it is possible legitimate messages could be trapped there from time to time.

4. Secure your devices. Install, maintain, and regularly update your anti-virus software, firewalls, and email filters. Turn on automatic updates if you can, and only access secured websites. Consider using a VPN.

5. Always be mindful of risks. Double check, triple check any request you get for the correct information. Look out for cybersecurity news so you can take swift action if you are affected by a recent breach. I recommend subscribing to a couple of morning newsletters to keep you up to date with the latest in InfoSec, like Cyware or BetterCloud Monitor. If you are a podcast person, Decrypted by Bloomberg, DIY Cyber Guy, and Reply All offer easy-to-digest information and news that’s very user-friendly.

 

 

Don’t wait until sensitive data is already in the sticky hands of hackers to react to a breach. Stay proactive with MDS and work with us to build out a custom, company-wide security protocol that is effective and easy to maintain.

Pulling the plug doesn't have to be your only security solution.

Don’t become part of a rising statistic — ensure your company is armed against a security hack.