There is no end to the methods that scammers have come up with to obtain information vital to the success of their schemes. Whether they are seeking to perpetrate fraud, hacking or espionage, the most tried and true method is also one of the oldest: social engineering. It is one of the most successful because it is one of the least obvious methods, and it can often require much more effort than would seem reasonable for the small kernels of information that it gathers. However, those small nuggets of information can be as precious as gold to someone with the worst of intentions. Understanding and preventing social engineering is essential to protecting yourself and your business from everything from financial scams to identity theft.
So what is social engineering?
Social engineering is an attempt to obtain personal or confidential information through manipulation and subterfuge. This can be online or face to face, in conversation or through electronic collection of data. It is a concerted effort to exploit trust in order to obtain information ranging from what you might be working on to passwords that will allow access to data or processes. This is usually accomplished by individuals misrepresenting themselves as someone who would have a legitimate need for this information.
How to prevent social engineering
While there may be no way of completely eliminating the threat of social engineering, it can be mitigated by proper awareness and action. Here are some common-sense steps that will take the bite out of social engineering attempts.
1. Treat Every Email As If It Were Potentially Compromised
Emails, even those from trusted friends and co-workers, can be accessed and manipulated by any number of people. Even legitimate-looking emails from holders of your personal information such as your financial institution should not be trusted enough for you to click on the links to access your account. If at all possible, securely access the site on your web browser rather than clicking suspect links.
2. Never Reveal Personal Information Over The Phone
A common scam involves a call from someone claiming to be a financial or government entity. They may ask you to verify your identity with your Social Security number, date of birth, password or other information. If you cannot verify the number that is calling you as belonging to that entity, never give the information. It is safer to hang up and contact the organization directly at a known secure phone number to see if there is business that requires that verification.
3. Watch What You Say And To Whom You Say It
When someone you have just met is interested in your work or personal life, be sparing with details and give them only what they need to know. Something as simple as what you are working on or when your birthday is could give them the information they need to move their plan one step closer.
While these may seem at first to be extreme steps to take, scammers are relying on your trusting nature to take social engineering attempts at face value.
Adam Quirk is a criminal justice professional with over 15 years of experience in the field. Adam also owns Stealth Advise, Wisconsin’s premier private investigations firm. In his free time, Adam enjoys blogging and traveling internationally.