Which Social Engineering Scams Would Fool You?
Our human vulnerabilities are now providing rich pickings for social engineers. People-centric crime now accounts for over 60% of all attacks on businesses and, despite phishing and social engineering pen-tests, employees remain alarmingly willing to hand over their personal and business details to complete strangers.
Why do we keep falling for social engineering scams?
However generic the phishing email, or obvious the tailgating technique, a scam is always personal to the victim, because it targets a particular emotional profile – and if you fit the bill, you’re likely to find yourself blind-sided, however prepared you think you are.
How does emotional profiling work?
Just as we all have a unique set of fingerprints, and DNA, so each one of us has a unique emotional profile that makes us vulnerable to particular social engineering scams. We may, for example, have the hawk-eye when it comes to spotting a fake email address, but be completely disarmed by someone who’s able to make us laugh on the phone. Take a look at these simple profiles and see which ones apply to you. As you’ll see, each profile makes you vulnerable to specific threats:
1. Are you friendly?
If so, you’ll be outgoing, and responsive to friendly approaches. This makes you vulnerable to:
- Requests for help such as sharing a password, or letting someone into the building.
Always check out the requester’s identity and ask to see evidence of authorisation.
- LinkedIn invites and Facebook requests from unknown sources.
Always check out their identity and don’t ‘trust’ anyone you don’t know face-to-face.
2. Are you obedient?
If you are, you’ll find it difficult to say ‘no’ to authority figures, experts or executives – making you vulnerable to:
- Emails that appear to come from your boss and require you to act.
Always verify, through personal contact or phone, actions that are out of the ordinary or seem out of character in any way, especially if financial transactions are involved.
- Approaches from ‘experts’ who require access to your data or devices, be it bank details, credit card numbers, your laptop, etc.
Always check out the expert’s identity and ask to see evidence of authorisation.
3. Are you careful?
If so, you’ll be acutely aware of defending your possessions, and accounts. You should watch out for:
- Emails requiring immediate action that appear to come from your bank, credit card provider, human resources, wages department, etc.
Keep calm and ignore. If you’re worried, make a phone call to the source of the email.
- Scam phone calls which inform you of a crisis followed by a solution – normally requiring you to hand over your data.
Put the phone down unless the crisis is immediately verifiable. Before making any data or financial transaction, ask for a company number you can ring back to check the caller’s identity.
4. Are you efficient?
For all you perfectionists out there, take particular care when:
- Being ordered to do something, threatened, or shouted at.
It’s not easy to be rational in this situation, but try to stay calm and keep a level head. The scammer is relying on a ‘knee-jerk’ response, so if you can avoid that, you’ve won.
- Opening emails. Your speed and efficiency might make you prone to spear phishing emails, which are incredibly clever fakes utilising logos, design elements and personal information to persuade you they’re for real.
Never respond to emails in a rush. Put aside time in the day when you can concentrate on one thing, and read each one carefully. If in doubt, seek verification from the source.
5. Are you a bargain hunter?
Then you’ll find it difficult to say no to ‘great offers’, or ‘great deals’ that seem to offer something for nothing. Watch out for:
- Emails or pop-ups telling you that you have won something.
It’s an old adage but ‘you never get something for nothing’. However hard it is, delete these messages.
- Chain emails.
These come and go in popularity but they’re never good news. Delete at source.
“It Couldn’t Happen to Me…”
Famous last words, I’m afraid: so long as we’re human, we’re vulnerable to scammers. Taking the time to consider your emotional profile is one way to disarm the social engineer – once you know your trigger points, you’re far more likely to marshal your defences and kick your rational brain into action before any harm is done.
For more tips on disarming social engineers, register for our next webinar: The Hackers Perspective: helping employees understand security vulnerabilities
WHEN: Thursday 25th January 2018, 11.00am–11.30am