Social Engineering, in security terms, refers to a clandestine attempt to trick you into revealing sensitive and confidential information. This type of security attack includes email, social media, and phone phishing. Attacks can also happen in person, through eavesdropping or physical engagement such as door-to-door operations, and through the mail. Knowledge and a healthy amount of suspicion are good barriers to prevent a social engineer from taking advantage of you.
Overshare: Social Media
Be careful what you share on social media and show discretion when it comes to picking your friends or followers. Many internet and phone logins require answering security questions such as “Mother’s maiden name?” or “High school mascot?”. Oversharing on social media gives potential attackers the answers to most of these questions with only a small amount of research. Combine that with your birth date, location, phone number and address, and they have almost everything they need to gain access to sensitive accounts. Security requires controlled access and a “need to know”. If you are a public figure, keep it generic. If you want a more personal touch, limit the people who have access. Combine both techniques to provide even stronger security.
Phishing and 2-Step Authentication
The most common form of social engineering is email phishing. This is when someone forges an email to imitate a legitimate company, most likely one of which you are already a customer, to get your login or financial information. The messaging can be sophisticated and the email addresses believable; however, they typically ask you to confirm information that no company would ask for unsolicited and through email, e.g. credit card information, social security number, or username and password. If there is any concern, contact the customer service department directly and don’t click on any links embedded in the email. Similar attacks can also happen over the phone with sophisticated scripts that sound like the real thing. When in doubt, tell them you will call the customer service line from the company’s website and address the issue there.
Two-step authentication is a common practice to prevent fraudulent activity. Email and text phishing can be used to bypass this process. This is accomplished by prompting you to reply with the confirmation code to a number or email address. The code comes from the actual company; however, your reply goes to the unauthorized party, allowing them access to the system. If you did not try to access your account, there should be no reason for a two-step authentication prompt.
Con men and Thieves
Social engineering attacks can also come from face-to-face interactions. Fraudulent door-to-door charities and sales can con you out of sensitive information. Ask for a business card and identification. Additionally, ask if they have a website that you can use instead. Consider using cash instead of a check or credit card information, and ask about the information required on any form you fill out. If it feels needlessly invasive, it probably is.
Lastly, while not truly a form of social engineering, protect your mail and trash from thieves. If you have an unlocked mailbox, send your important mail to a P.O. Box. Mail in an unlocked box can be easily stolen and used to steal your identity. Additionally, be sure to shred old documents that contain sensitive information.
Industries spend millions of dollars a year on protecting your information. The best cyber security in the world can’t prevent you from inadvertently divulging your personal information. Therefore, be vigilant, identify potential threats and mitigate your exposure.