Stopping Social Engineering Attacks? No. Slowing Them Down? Yes!

Elements of an Attack:

From the article at TechNewsWorld.

Social engineering is the equivalent of scammers trying all types of methods to gain information or money.

The image above shows many possible social engineering attacks. What does that mean in practice?

Let’s list them:

  1. Techniques
    1. Phishing
    2. Pretexting
    3. Baiting
    4. Quid Pro Quo
  2. Compliance principles
    1. Friendship or liking
    2. Commitment or Consistency
    3. Scarcity
    4. Reciprocity
    5. Social Validation
    6. Authority
  3. Target
    1. Individual
    2. Organization
  4. Goal
    1. Financial Gain
    2. Unauthorized Access
    3. Service Disruption
  5. Medium
    1. E-mail
    2. Face-to-face
    3. Telephone
    4. SMS
    5. Paper Mail
    6. Storage Media
    7. Webpage
    8. Pamphlets

And the above methods are only the current or ‘older’ attacks. Each heading is followed by its specific attack methods, and all of these methods are focused on taking resources or information in order to eventually relieve you of money.

Now social engineering attacks have advanced to add vishing, which is attempting to influence an action by calling or contacting a mobile phone and demanding a quick action.

Impersonation (another newer method) is the practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.

Sometimes the goal at first is to gain information rather than to actually steal resources (money or computer time). Only after a lot of information gathering does a unique social engineering attack go for the jugular and the money they are all after.

So what can be done to slow down or reduce the attacks? (Under no illusion that all attacks can be completely stopped.)

Introduce a process or method: “Let me take your information and I will call you back.” (Most phishers will not want to give a number.) Authenticate the person’s number to make sure it is legitimate, checking it against a number you already have or can look up independently rather than only the one the caller supplies.

Also make a rule never to give out personal information on an incoming call, and have a standard response ready: “Mr./Mrs./Ms. ___, you can understand that with all of the possible hacker attacks we do not give out any (or xyz) information via phone. If needed I can call you back tomorrow; I am busy now.”

No matter how you are being contacted, the response can be adapted. On an incoming text: “We do not give out personal information. Please give me another phone number so I can contact you tomorrow.”

Do not respond to texts with information; require a call and other contact methods to verify the authenticity of the caller.

A social engineering attack can be complex, but it really has the same goal as all hacker attacks: to take resources and information from you. If you can slow them down and make them work harder to get what they want, then you are most of the way to a secure and safe network.

We can help you rewrite your security policy: contact us.
