Social engineering is the psychological manipulation of people into performing actions or divulging confidential information: a type of confidence trick for the purpose of information gathering, fraud, or system access. According to figures from UK Finance, in the first six months of 2017 over 19,000 people were a target of push payment scams, involving a total amount of over £100 million. Let’s explore how you can reduce this risk.
1 Passwords – Use a mix of uppercase, lowercase, numbers and symbols
Password security is imperative in protecting against social engineering and any cyber security attack in general. Bloomberg ran a study that found 6-letter passwords with only lowercase letters could be cracked by hackers within 10 minutes.
Don’t use the same password for everything. This makes damage control from a social engineering attack a very difficult task. If you have an easily crackable password and someone manages to get access to the sensitive information you hold, a fraudster will exploit it. Set mandatory password standards for your business.
Are you concerned about not being able to remember all your different passwords for different websites? Well, tools such as Lastpass.com allow you to keep all your passwords in one place which is completely secure and hidden, even from them. If you don’t feel comfortable about storing your password in the cloud, then 1password.com lets you keep all your passwords hidden with, you guessed it, one password. Utilising tools like this is super useful for avoiding cyber fraud and hacking, and for being more secure.
2 Social Media – avoid putting all your life details on open social media pages
We live in a society where people are comfortable putting everything they do on social media profiles which are open for the whole world to see. You should, however, choose wisely what you share and with whom. Keep personal information to yourself, as fraudsters have an innovative way of being able to paint a clear picture of your life.
Imagine this: you’re posting about how excited you are for your holiday on Facebook while LinkedIn states your job title, location and company. That gives easy access for anyone to engineer an attack on a colleague. ‘Hey, I’m still busy packing and haven’t had the chance to get this transfer authorised before I go away on holiday. Could you just send it straight through, as I’m on a time limit?’
That message has been sent from you, to a colleague who trusts you. They know you’re tight on time and so they authorise a payment to an unknown source without going through the proper channels. But you didn’t send it. A hacker did. They had access to all your information. How was your colleague meant to know? This is unfortunately a very common form of cyber fraud. Keeping sensitive and personal information off social media is a way to reduce the risk.
3 Information requests – do not give requestors the benefit of the doubt
People asking for your personal details even from a seemingly legitimate source should not be trusted. Fraudsters have the ability to create emails which perfectly mirror emails sent by the companies that they are trying to emulate.
It may seem that you are getting a genuine request from your supplier to confirm your bank details in order to take a payment. The branding is the same. The email is the same style as ones you’ve been sent before. You have a payment due. But it is highly unlikely any legitimate company will ask for your personal details over email.
Always be sure to scrutinise any request for your personal information, no matter who it is from and how trusted a source you think they may be at first glance. Call the source of the email on what you know is their genuine number. Find out if this is standard protocol, and don’t be afraid to stand your ground when it comes to your or your business’s information. Often, the email address of the sender will have been changed subtly from the original.
4 Educate yourself
It is important to understand the potential approaches and risks of social engineering attacks. Websites such as social-engineering.org give you examples of common ways fraudsters try to get your information.
Did you know there are lots of different types of social engineering to watch out for? These include, but aren’t limited to:
• Phishing – Attackers will try to gain personal information from you, direct you to suspicious websites and use fear or threats to create a sense of urgency for you to act fast. This is the most common type of social engineering.
• Pretexting – Scammers create fabricated scenarios to gain trust from victims, using stories such as needing certain information to confirm identity. These scams tend to be more sophisticated than phishing scams and require more thought.
• Baiting – Using some kind of incentive to entice victims, baiting is similar to phishing in its aim to gain personal information. It will use offers of free music or free movie downloads in order to get hold of your details.
• Quid pro quo – IT personnel from companies are impersonated. Fraudsters offer a service posing as IT from your company and install malware on staff computers under the guise that they are receiving a software update.
Keep up to date with the most common forms of social engineering and different types of attacks. This will mean you are able to identify fraudster attempts and can be better prepared for them.
5 Utilise biotech available to dramatically reduce the risk of cyber attacks
If you’re in a company affected by fraud, SmilePass reduces the impact of social engineering fraud, and therefore risk, by providing a simple and cost-effective solution. We verify transactions and requests against a unique biometric ID.
At the beginning of a relationship with a customer or employee you create a unique identifier for that person by having them simply take a selfie. The vectors in an individual’s face provide significantly more identifiers than other forms of biometric security such as fingerprints or voice. Our innovative technology cannot be spoofed like most other biotech methods.
If you would like to learn more about how SmilePass prevents phishing, social engineering and cyber fraud, take a look at how we prevent phishing using biometrics to verify digital identity and see how we can halt fraudsters in their tracks using biometrics.