August 12, 2022 | By stephen

Your Business Could Be at Risk Due to Social Engineering and Human Error

The average organization is targeted by social engineering attacks over 700 times per year, and 98% of all cyberattacks include some form of social engineering. It isn’t just a guy with a laptop in a dimly lit room you need to be worried about.

Your business is at risk, and the most likely way a bad actor is going to get through the door is by compromising an employee. It could be an intern in the mail room or even the CFO.

Forms of Social Engineering

Social engineering is a type of attack that seeks to manipulate a person’s good nature or lack of technical savvy. Instead of brute forcing their way through your IT system, the social engineer tries to gain access to the soft underbelly of your infrastructure by tricking the employees of an organization. These attacks come in a wide variety of forms.

Phishing

Phishing is the most prevalent kind of social engineering attack. In a phishing attack, scammers send an email with a link that redirects the user to a page or website designed to steal their credentials.

The scammers craft their message to create fear or a false sense of urgency. For example, it might look like an email from a potential recruiter. In this case, it will contain a link that redirects the user to a website where they are encouraged to sign up for the job before the deadline.

This deadline is conveniently a couple of hours away. The user, afraid to miss out on the opportunity, quickly fills out whatever information is required. And, in doing so, surrenders crucial information to the criminals.
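
The two traits described above, deadline pressure and a link that leads somewhere other than where it claims, can be checked automatically before a message reaches an inbox. The following is an added example, not part of the original post; the phrase list, function names and sample message are constructed for illustration, and it assumes a single-part HTML email.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phrase list (assumption): wording that signals a deadline or pressure.
URGENCY = re.compile(
    r"\b(urgent|immediately|deadline|expires?|within \d+ hours?|last chance)\b", re.I)

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> element in the body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # Lower-cased hostname of a URL or bare "domain/path" string, "" if none.
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(raw_email):
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # single-part message assumed
    sender = msg.get("From", "").rsplit("@", 1)[-1].strip("> ").lower()
    findings = []
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        findings.append("urgency-language")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        target = host(href)
        looks_like_domain = re.fullmatch(r"[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I)
        if looks_like_domain and host(text) != target:  # text shows one site, link opens another
            findings.append(f"link-text-mismatch:{target}")
        if target and target != sender and not target.endswith("." + sender):
            findings.append(f"link-off-sender-domain:{target}")  # link leaves the sender's domain
    return findings

# Constructed sample: a fake recruiter email with a two-hour deadline.
SAMPLE = ("From: Recruiting <jobs@careers.example.com>\nSubject: Apply today - deadline in 2 hours\n"
          "Content-Type: text/html\n\n<p>Sign up before the deadline: "
          '<a href="http://login.example.net/apply">careers.example.com/apply</a></p>\n')
```

Calling `phishing_indicators(SAMPLE)` reports the urgency wording and both link problems, which is enough to quarantine the message or add a warning banner for the recipient.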

Baiting

Baiting is similar to phishing. However, it involves using an item or offer that entices the victim into giving up information. This may include free gifts, discounts, or a special deal. But, in order to receive it, the customer must first register with their personal or business credentials.

Some baiting attacks aim to infect computer systems with malware. In this case, the attacker leaves a portable storage device, like a CD or USB drive, in an open location. The goal is to pique the target’s curiosity so they load the malware into their computer.

Pretexting

In pretexting, the scammer creates a made-up scenario in order to gain access to a victim’s information. This typically involves impersonating a trusted individual, like a bank representative, to whom a user is more likely to give information. While phishing and baiting attempt to use fear or urgency, pretexting relies on creating a sense of trust.

Tailgating

Tailgating is a bolder social engineering tactic as it takes place in the work environment. The scammer poses as someone who has a legitimate business reason to be there. For example, they might pose as a courier and follow an employee into a restricted area. This attack is usually employed when targeting a physical system.

Quid pro quo

Quid pro quo refers to a favor granted in return for something. During this social engineering attack, the scammer pretends to offer something – usually a service – in exchange for personal information.

For instance, the scammer will call pretending to be a technician trying to help the victim solve a problem with their telephone or computer. In the process, they will ask the victim to disclose certain information that is needed to help ‘solve the problem.’

Staying safe from social engineering

The types of attacks your business faces are many and varied. However, there are many things you can do to protect yourself. Avoid opening emails from untrusted sources and be careful what sites you visit on your work computer. Disconnect calls offering technical help if nobody has requested it and, if an offer sounds too good to be true, it probably is.

The list goes on and on. Staying safe requires a high level of vigilance. If you don’t have the tools to handle these types of attacks, consider partnering with a cybersecurity expert who does.


LeadingIT offers 24/7, all-inclusive, fast and friendly technology and cybersecurity support for nonprofits, manufacturers, schools, accounting firms, religious organizations, government, and law offices with 20-200 employees across the Chicagoland area.
