Common techniques of social engineering

Social engineering is the use of deception to manipulate people into revealing confidential information.

This information is then used for fraudulent purposes, and social engineering is the most successful way of getting into a company’s systems. 97% of malware exploits try to trick us, and the approach is OS agnostic.

Phishing is the most well-known example. An email is written so well that you click on the link and visit a website that also looks completely legitimate. About 91% of data breaches come from phishing.

Examples of Social Engineering

  • The Irish one. On the 16 August 18, Irish Gardaí issued a warning about a scam that tries to get a person to buy iTunes gift cards. The victim receives an email or phone call from an organisation claiming that they are owed money and immediate payment must be made via iTunes gift cards (which sounds dodgy anyway). The scammers then ask for the iTunes code and happily spend it.
  • The FedEx one. This was around for a long time. It appeared to be an email from FedEx stating that they couldn’t deliver a parcel and asked you to click on a link (or attachment) to arrange delivery. Clicking on the link infects your computer. Sometimes the email looks like it has come from within your organisation (called email spoofing).
  • The Tax back one. I know a number of people who have received this email stating they are due a tax refund. It looks genuine as it uses the correct colours and logo for the department. This is known to be in the form of phone calls too. If it’s too good to be true, it usually is! 
  • The Dropbox one. This involves a fake Dropbox password reset phishing email (there is also an iCloud version which is often how hackers get access to celebrity photos). When clicked, users go to a page saying their browser is out of date with a “button” linking to the update. Clicking this launches a Trojan virus.
  • The ransomware one. We all know about this. A company is hit by ransomware every 40 seconds. It’s so famous hardly a week goes by without some of our favourite TV programmes including plots involving ransomware attacks.
  • The Facebook message one. This is about a celebrity who has just died. Clicking a link to see a video leads to a fake BBC News page which tries to trick people into clicking on links that lead to scam online surveys.
  • The bank one. Our banks are still warning us about this. Of course, the first hint of it being suspicious is when we get emails from banks we don’t actually have accounts with. Barclays and Lloyds are big banks in the UK, but few people have accounts with them in Ireland.

How to prevent being affected by social engineering

  • Backup, backup, backup.
  • Think before you click.
  • Hover on the link to inspect the URL before clicking – see if it says what it should say.
  • Train your staff.
  • Regularly test the backups.
  • If it’s too good to be true, it probably is.

By Trilogy Technologies.