What do your employees know about social engineering?

Have your employees been informed about staying safe from phishing and other social engineering attacks? There are numerous ways to fall victim to this kind of attack. Be prepared to protect your data with software that can guard against it.

Social engineering is a technique used by criminals and cyber-crooks to trick users into revealing confidential information. The data obtained is then used to gain access to systems and carry out actions to the detriment of the person or organization whose data has been revealed.

This practice basically exploits the trust that the user unwittingly places in the criminals, who often pose as a company employee, colleague, friend or boss. Under the guise of checking or protecting the user’s information, the criminals ask for confidential information which can then be used to steal the victim’s identity, money, etc.

How does social engineering work?

Social engineering is still one of the most common means of cyber-attack, primarily because it is highly efficient. To criminals, the user is the ‘weakest link in the security chain’.

Users are normally targeted in two ways: either over the phone or online.

– By phone, criminals pose as employees of a company or organization, say a bank or ISP, and after going through some typical questions and statements in order to gain the trust of the potential victim, they will then ask for login credentials and passwords.

– The most common fraud technique on the Internet is phishing. In this technique, users reveal data because they think they are on a trusted website. Another way that social engineering is used online is through attachments to emails from people known to the victim. Malware is used to attack users’ address books and send emails, with the attacker’s file attached, to all their contacts.

How to avoid falling victim to social engineering

First and foremost, to prevent data theft through social engineering, be wary and use common sense:

– Never reveal your passwords or login credentials to anyone. If a legitimate technician needs to access your account or information, they should be able to do this without needing you to give them your details.

– When you enter your details on a website, make sure the URL is correct.

– Never open strange-looking files or attachments, even if they come from someone you know.


Thank you Panda Security for the article.

Call CITON to find out how we can help defend your business’ data and hardware. (218) 720.4435.