While you may not be familiar with the term, we've all heard stories of Social Engineering – the practice of infiltrating an organization by pretending to be an authorized employee, customer, contractor, etc. in order to steal valuable assets. These con artists attempt to gain access to sensitive information or equipment by taking advantage of your natural human tendency to trust.
A popular social engineering approach is Phishing, the attempt to obtain sensitive information by sending an email to a user and falsely claiming to be a legitimate enterprise. Social Engineering is one of the biggest threats to any organization or industry, particularly ours as we often work with confidential consumer data.
Despite the significant threat, Social Engineering is not often discussed because of shame. Most people see it as an attack on their intelligence, and don't want to be considered gullible enough to have been fooled. No matter who you are, you are susceptible to a Social Engineering attack.
So what can you do?
- Secure all sensitive paperwork and magnetic media. This means locking away or shredding materials containing information that could be used to learn about the internal affairs of your company, your customers, or a consumer.
- Be sensitive to anyone asking for your system password. Unless you've initiated a call to your Helpdesk, you should never be asked for it.
- Don't allow anyone to observe you entering your passwords.
- Don't click on email links. Instead, navigate to the organization's home page on your own.
- Look for telltale symptoms of Social Engineering: name dropping, refusal to provide contact information, rushing, intimidation, unusual grammar, odd questions, and small mistakes are common.
- Trust your intuition. If someone is unfamiliar and appears out of place, or something just doesn't feel right, check it out.
I have personally received numerous emails from individuals claiming to be Bank of America (they even look official). They request I click on their link so they can update their records with my information. I DON'T DO IT! If your bank needs info, they will call you or send you a letter in the mail. This Social Engineering has become a real concern to consumers and businesses around the world. Even Dr. Phil fell prey and was a victim to this type of scam. Protect yourself; that is my advice to you.