There is no end to the methods that scammers have come up with to attain information vital to the success of their schemes. Whether they are seeking to perpetrate fraud, hacking or espionage, the most tried and true method is also one of the oldest: social engineering. It is one of the most successful because it is one of the least obvious methods, and can often require much more effort than would be reasonable for the small kernels of information that it can gather. However, those small nuggets of information can be as precious as gold to someone with the worst of intentions. Understanding and preventing social engineering is essential to protecting yourself and your business from everything from financial scams to identity theft.
So what is social engineering?
Social engineering is basically an attempt to attain personal or confidential information through manipulation and subterfuge. This can be online or face to face, in conversation or through electronic collection of data. It is a concerted effort to exploit trust in order to obtain information ranging from what you might be working on, to passwords that will allow access to data or processes. This is usually accomplished by individuals misrepresenting themselves as someone who would have a legitimate need for this information.
How to prevent social engineering
While there may be no way of completely eliminating the threat of social engineering, it can be mitigated by proper awareness and action. Here are some common sense steps that will take the bite out of social engineering attempts.
1. Treat Every Email As If It Were Potentially Compromised
Emails, even those from trusted friends and co-workers, can be accessed and manipulated by any number of people. Even legitimate-looking emails from holders of your personal information such as your financial institution should not be trusted enough for you to click on the links to access your account. If at all possible, securely access the site on your web browser rather than clicking suspect links.
2. Never Reveal Personal Information Over The Phone
A common scam is to receive a call off someone claiming to be a financial or government entity. They may ask you to verify your identity with your social security number, date of birth, password or other information. If you cannot verify the number that is calling you as belonging to that entity, never give the information. It is safer to hang up and contact the organization directly at a known secure phone number to see if there is business that requires that verification.
3. Watch What You Say And To Whom You Say It
When someone you have just met is interested in your work or personal life, be very sparse with details and give them only what they need to know. Something as simple as what you are working on or when your birthday is could give them the information they need to advance their plan just one step closer.
While these may seem at first to be extreme steps to take, scammers are relying on your trusting nature to take social engineering attempts at face value.
Adam Quirk is a criminal justice professional with over 15 years of experience in the field. Adam also owns Stealth Advise, Wisconsin’s premier private investigations firm. In his free time, Adam enjoys blogging and traveling internationally.
One of the most profitable attack vectors for hackers is targeting phones running out-of-date software. The longer you let your device run a last-generation operating system, the more vulnerable you become to attack. Hackers and criminals spend a lot of time looking to exploit old software because so many people neglect regular updates.Give Lookout Personal for iOS a try. It’s a consumer version of Lookout’s powerful suite of security tools. By keeping watch for out-of-date software and scanning for malicious applications, Lookout shores up two of the most common ways hackers find a way into personal devices.
Benjamin Franklin famously remarked, “In this world, nothing can be said to be certain, except death and taxes.” If Franklin were alive today, he may want to add “cybercrime” to the list.
Since the dawn of the internet, people have been writing passwords down on sticky notes and posting them on their desks at home. This will work well until you lose the note or suffer a break-in. Imagine dealing with the double whammy of residential theft and your bank account being drained. That’s a bad day!
This built-in application can be a lifesaver when your phone goes missing. Built by Apple and included in every new iPhone by default, Find My iPhone is GPS-based security software that will help you track down your phone whether it is hiding in the couch at home or in a thief’s pocket across town.
While we normally think of computer viruses targeting desktop computers, there is a growing black market for viruses targeting mobile devices. So much commerce takes place over phones and tablets — from business email to personal shopping — that iPhone- and Android-specific viruses are on the rise.