Preparing Against Social Engineering


Author: Tatianna | Published on March 13, 2019 | Views: 1559

Security Awareness is Cybersecurity

Social engineering is an attack technique that affects individuals and organizations, both public and private. Bypassing the technical aspect of hacking, social engineering relies on convincing an individual to compromise sensitive data or grant unauthorized access. Deception is not a new or novel concept, and social engineering is simply an application of it to digital media and penetration testing. Self-awareness and a healthy sense of skepticism are the best defenses against deception in general, but the evolution of technology requires organizational preparation against social engineering. This section will cover some of the most effective techniques for preventing social engineering attacks.

Research and Analysis, the Right Way

Careful critical analysis of online interactions is the greatest defense against social engineering. Think carefully before you click anything from unverified sources, especially if it is framed as an urgent matter. Social engineering attacks often rely on the user not thinking twice before providing sensitive information to a familiar organization. This could be an email requesting bank information in the context of a falsified security breach, a desperate figure seeking a small payment to release and reward a large sum of funds, or an attacker posing as a popular social media site requesting verification for continued access. Think critically about every request for sensitive information, and don’t click on anything that seems sketchy or unfamiliar. Many organizations will specify that they do not request personal information over email for this reason. Critical thinking, not paranoia, is the best defense against social engineering.

Researching sources is another powerful method for preventing social engineering attacks. Phishing emails often direct the user to input forms that are designed to look identical to their trusted counterparts. Many of these pages are visually identical to popular login pages, but the URL and source code are completely different. Check the URL at the top of the page for strange anomalies. For example, compare www.woodmore.com and www.woodrnore.com. In the second URL, the “m” in Woodmore is replaced with “r n” to trick you at a glance. You can load the same page through official channels for comparison. If you are still unsure, you can even check and compare the page’s source code for unusual differences. The attacker is relying on users not thinking twice before inputting sensitive data.
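The URL check described above can be automated for links in incoming mail. The following is an added example, not part of the original article: the trusted-domain list and the table of look-alike sequences are constructed assumptions, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organization trusts (assumption).
TRUSTED_DOMAINS = {"woodmore.com"}

# Character sequences that imitate another letter at a glance (not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def hostname_of(url):
    """Return the lowercase hostname of a URL, with a leading 'www.' removed."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare 'www.example.com' as a host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Fold look-alike sequences so visually similar hostnames compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def classify(url):
    """Return 'trusted', 'lookalike of <domain>', or 'unknown'."""
    host = hostname_of(url)
    if host in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(host) == skeleton(trusted):
            return f"lookalike of {trusted}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, including the pair from the text.
    for link in ["www.woodmore.com", "http://www.woodrnore.com/login",
                 "https://w00dmore.com", "https://example.org"]:
        print(f"{link:34} {classify(link)}")
```

A result of "unknown" only means the hostname does not imitate an allowlisted domain; it still needs the manual checks described above.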

Lastly – and this is part of any good End User Security Training – be wary of any attachments or downloads from unverified sources. Regardless of who you are, what industry you’re in, or what your title is, never click or open unverified links or downloads. Always check with the person who sent it before taking action, because you’re better safe than sorry. Attackers will provide an attachment or web download that seems innocuous or legitimate, but the file contains hidden malware. Don’t download anything from unfamiliar sources without thinking twice. Some indicators of a malicious download include deceptive download buttons, atypical file names, unusual file sizes for the given type, and file extensions that do not match the given file format.
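Two of the indicators listed above, a file extension that does not match the file format and an atypical file name, can be checked from the first few bytes of a download. This is an added example, not part of the original article; the signature table is a small constructed subset and the function names are hypothetical.

```python
import os

# Leading "magic bytes" of a few common formats, mapped to the extensions
# that legitimately carry them. Small constructed table, not exhaustive.
SIGNATURES = [
    (b"%PDF-", {".pdf"}),
    (b"\x89PNG\r\n\x1a\n", {".png"}),
    (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    (b"PK\x03\x04", {".zip", ".docx", ".xlsx", ".pptx"}),
    (b"MZ", {".exe", ".dll", ".scr"}),  # Windows executable
]
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def expected_extensions(header):
    """Return the extensions valid for this header, or None if unrecognised."""
    for magic, exts in SIGNATURES:
        if header.startswith(magic):
            return exts
    return None


def check_download(filename, header):
    """Return a list of findings for one downloaded file (empty list = none)."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    exts = expected_extensions(header)
    if exts is not None and ext not in exts:
        findings.append("extension-mismatch")
    # "invoice.pdf.exe": a document extension hidden in front of an executable one
    if ext in EXECUTABLE_EXTS and os.path.splitext(stem)[1] in DOCUMENT_EXTS:
        findings.append("double-extension")
    return findings


if __name__ == "__main__":
    # Constructed samples: (file name as shown to the user, first bytes of the file)
    samples = [
        ("report.pdf", b"%PDF-1.7\n"),
        ("invoice.pdf", b"MZ\x90\x00\x03"),
        ("invoice.pdf.exe", b"MZ\x90\x00\x03"),
        ("photo.jpg", b"\x89PNG\r\n\x1a\n"),
    ]
    for name, head in samples:
        print(f"{name:18} {check_download(name, head) or 'no findings'}")
```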

A Lesson from Smokey

In the familiar adage of the great Smokey Bear, only you can prevent social engineering attacks. Hackers can bypass grossly advanced security systems by relying on a single user error, and simple cautionary practices can prevent massive data breaches and financial losses. Think critically about every online interaction, research unfamiliar sources when in doubt, and be careful about anything you download from unverified users. A healthy sense of self-awareness and skepticism goes a long way in preventing social engineering attacks.

TL;DR
Social engineering is a consistent threat to the security of many organizations, but there are ways to prevent social engineering attacks. Most prevention methods revolve around safe practices and self-awareness. This article explores several techniques you can use to prevent social engineering attacks in organizations and on individuals.
