Cyber-criminals don’t always need a keyboard to hack into your bank account or company network. In fact, a lot of attacks start with a simple phone call. Typically, the attackers are either trying to get information out of you or to make you do something. This is a technique they call social engineering.
Social engineering is the art of manipulating people so they give up confidential information. Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).
Here are some tips on how to avoid social engineering scams.
- Don’t trust caller ID: Caller ID is great for letting you know who’s calling, but it’s really easy to spoof a number.
- Don’t trust referrals given by the caller: Often, social engineers will call around a company and ask who’s the best person to speak to about a certain topic. Your colleagues may point them in your direction. When they call you, they’ll say “Linda said you’ll be able to help me with this.” Don’t assume that Linda knows the caller or that she has vetted him. Call her and ask her how well she knows the caller.
- Don’t divulge non-public information: Especially if you don’t know the caller and it’s an incoming call, don’t disclose any information on the phone that the caller couldn’t also get from a public record such as your website. If they ask something you’re not comfortable sharing, stay courteous and ask them why this piece of information is important to them. If in doubt, check with your manager or your security officer.
Social engineers don’t restrict themselves to the phone; they also use faxes, letters, and email, or show up in person at one of your offices, so be on your guard! If you still have questions, please call Network Security Associates at 702-547-9800.