Welcome to our first post in 2024! It’s time to take on Social Engineering. But first, if you’re new here - welcome to our Cyber Crime series! We’re tackling common cyber crimes and discussing how they work and how you can protect yourself. Each of our posts follows the same format:
What is it
How it works
How to protect yourself
How to protect your business
What’s coming next
So jump to whichever sections you need, or join me on this Social Engineering breakdown!
And if you’ve missed any of our previous posts, you can check them out here:
Ok, now we’ve got introductions out the way, let’s do this…
According to Kaspersky, social engineering is a manipulation technique that aims to exploit human error and emotions to gain personal information. Social engineering scams are a type of human hacking scam, and they can honestly be really nasty. Usually, a hacker will communicate with the victim and persuade them that they work for a trusted organisation. The victim trusts this, and then freely hands over the personal information or account information that the hacker asks for.
They work by doing one or a mixture of the following:
Build trust - the hacker might imitate a trusted person or organisation, such as Amazon or Samsung. Or, they might interact with you multiple times over a period of time to build trust.
Create urgency - they might tell you that there is an issue NOW and you MUST do something to sort it out, otherwise BAD things WILL happen. Basically, they will panic you so that you don’t have time to think logically about what is happening.
Scare you - the hacker might pretend to be the police, the government, or HMRC to scare you. For example, they might pretend to be HMRC warning you to hand over your login information because of a tax issue, otherwise you’ll get arrested.
Ok, that’s a lot of information. So let’s have a look at what a typical attack might look like:
But don’t worry (seriously), there are lots of easy ways you can protect yourself.
Don’t let time worry you - yes, when things go wrong, especially involving important things such as bank accounts, it can be absolutely terrifying. And you want everything sorted out quickly. But if you feel that the person on the phone is rushing you, or trying to scare you, take a breather, and take a second to really think about what’s going on. Does it seem real? Does it seem logical? What if someone told you this happened to them, what would you tell them to do? If you’re not sure, hang up and speak to a friend or family member. A real employee of the organisation won’t be offended.
Check the number - so you’ve received a call or message from an unknown mobile number. Except they’re claiming to be your bank. Weird. If it’s a phone call, a bank usually won’t be using a mobile phone number, so that’s the first red flag. And if it’s a text message, then usually (not always) the name of the bank will automatically show as the sender. If it doesn’t, there’s red flag number 2. If that phone number just isn’t sitting right, end the phone call and get the phone number from the website of your bank (or whichever organisation is supposedly calling). Ring them back on that number, and then you know you’re speaking to the right person.
Ask yourself: “why are they being specific?” - scammers are also fans of specific payment types. Most commonly: wire transfers, gift cards, cryptocurrency, or peer-to-peer payment apps. It’s just a bit odd, especially if they’re supposedly from a large organisation. Plus, these methods are the hardest to reverse. So take a minute and just think about it before you send any money.
When it comes to protecting your business, you should be using all the tactics above, but here are some additional business-specific techniques to protect yourself:
Train your employees - when it comes to beating cyber crime, staff training is your number one priority. Take a day and provide workshops all about the different types of cyber crime. If everyone is aware and vigilant, hackers will have a very hard time getting to your business.
Manage access - does the entire company need that password? Or could you keep some passwords, details, and logins private? The fewer people who know the information, the better, as hackers will have less chance of getting to the people who do have access. Plus, those of you who do know the passwords will know which organisations you work with and trust, so you will automatically know if the hacker’s information is incorrect.
Monitor your systems - if you have or work for a large organisation, you may have a security officer or team. They should be monitoring your key systems at all times. That way, if they see something a bit odd, they can sort it out and let people know. However, if you don’t have a security officer or team, you should still be monitoring your systems, or using security programmes like NordPass or McAfee that do it for you.
And that’s it. You now know what social engineering is, what it looks like, and how to protect yourself. You can walk a little taller knowing that if you ever do receive a scam call, you have these techniques tucked up your sleeve to stop it.
Social engineering is where a hacker uses manipulation techniques to get you to hand over sensitive information.
If you ever feel that a caller is putting you under pressure, put the phone down. If it’s that important, you’ll receive an email, letter, phone call, text message, etc.
Give yourself some time to think. If you’re a business owner: TRAIN. YOUR. TEAMS. It’s one of the best ways to protect yourself against these scams.
Hope you enjoyed our social engineering deep dive. If you did, please share on socials so we can spread awareness! See you next time, and come say hi on socials and let us know what cyber crimes you’d like to learn about next!
Until next time!