Check out David Wertz's weekly article and information he has shared on LinkedIn
October 5, 2017
Unfortunately, many times it is the user behind the keyboard.
Social engineering is one of the most frequently used (and successful) tactics to compromise a system.
Social engineering is the art of manipulating people into giving up confidential information. Motives can vary, but these criminals usually want passwords, bank information, or access to your computer to install malicious software.
Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows. Guard dogs, alarm systems, floodlights, fences with barbed wire, and armed security personnel will do nothing if you trust the person at the gate who claims to be the pizza delivery guy without first checking to see if he is legitimate. Without caution, you are completely exposed to whatever risk he represents.
Anti-virus software, firewalls, email filters and other systems are crucial to protect a system, but a user can be tricked into circumventing these protections.
Email “Phishing” is one of the most common social engineering mechanisms. Phishing is an attack that uses email or malicious websites to solicit personal information by posing as a trustworthy organization.
According to a Global Threat Intelligence Center (GTIC) report, 67% of malware attacks were delivered via phishing attacks.
For example, an attacker may send an email from a seemingly reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
What Can You Do to Avoid Becoming a Victim?
Be suspicious of unsolicited emails, phone calls or visits from individuals asking about internal information. If some unknown individual claims to be from a legitimate organization, try to verify their identity directly with the company.
Beware of emails that appear to be “urgent,” ask for help, claim that you have won a prize, or require you to verify your information. These are all schemes to get you to enter your information quickly, before you stop to second-guess what you are doing.
Don’t provide personal information or information about your organization unless you are certain of a person’s authority to have the information.
Pay attention to the URL of a website. A malicious website may look identical to a trustworthy website, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net or www.faceb00k.com vs www.facebook.com).
If you think these things are easy to spot, think again. Phishing attacks are becoming more sophisticated and professional, making them harder to spot and avoid.
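The URL check described above can also be automated. The following is an added example, not part of the original article: it compares a link's domain against a list of trusted domains and flags the two variations the article names (a different top-level domain, a look-alike spelling), and goes slightly further by also catching one-character typos. The trusted list, the substitution table and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Trusted domains users are expected to visit (constructed sample list).
TRUSTED = {"facebook.com", "paypal.com"}

# Common look-alike characters, folded back to the letter they imitate (assumed table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})


def registrable(url):
    """Last two labels of the host, lower-cased (assumes two-label domains like example.com)."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, trusted domain being imitated or None)."""
    domain = registrable(url)
    if domain in TRUSTED:
        return ("trusted", domain)
    name, _, tld = domain.rpartition(".")
    for good in sorted(TRUSTED):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("different-tld", good)           # e.g. .net instead of .com
        if name.translate(CONFUSABLES) == good_name:
            return ("character-substitution", good)  # e.g. 0 in place of o
        if edit_distance(name, good_name) == 1:
            return ("near-miss-spelling", good)      # one letter added, dropped or changed
    return ("unknown", None)
```

A verdict of "unknown" only means the domain does not resemble anything on the trusted list; it says nothing about whether the site is safe.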