Phishing social engineering tactics and how to avoid them

With the rise of social media and increased digital connectivity, social engineering has become easier, and cyber attacks are more frequent.

The importance of raising awareness of social engineering tactics

Everyone in your organisation, from the director to the newest employee, is prone to making mistakes. The need to stay alert to looming cyber threats has never been more critical.

All individuals within your organisation need to know what to look for to spot and prevent social engineering attacks. Social engineering is the process by which cyber criminals seek to manipulate individuals into divulging sensitive and personal information to exploit them or their organisation.

Let’s discuss phishing, the most common type of social engineering, and how you can avoid falling victim to this cyber crime.

Phishing attacks: What they are

Phishing is the most common type of social engineering. This is where a cybercriminal attempts to manipulate an individual into disclosing sensitive or personal information via email.

According to Deloitte, 91% of cyber attacks start with a phishing email.

While phishing and spam emails may have similarities in appearance, phishing emails aim to get an individual to share sensitive data or communication, such as passwords and credit card numbers. Alternatively, phishing emails may request access to confidential data or information.

Phishing emails often have a few telltale signs that you can use to differentiate them from authentic emails.

Sense of urgency

Phishing emails often have a sense of urgency in their tone, attempting to get you to take immediate action. In addition, these emails may invite you to execute an unusual request. For example, the CEO, a senior manager or a colleague may request confidential information from an employee they typically wouldn’t make direct requests of.

Unusual URLs or attachments

These emails often contain URLs that mimic the URL of another entity, whether it be your organisation, a partner, or another third party from which you typically receive communication. The URL may be misleading by just one character, making it challenging to spot. In addition, they may contain attachments prompting you to download them.
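As an added illustration (not part of the original article), the Python sketch below shows how a mail filter or reporting tool could flag links whose host is one character away from a domain you normally deal with. The trusted-domain list, function names and sample URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the organisation normally receives mail from.
TRUSTED_DOMAINS = ("example.com", "partner-bank.example", "payroll.example.org")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1):
    """Return (verdict, matched_domain); verdict is trusted/lookalike/unknown/invalid."""
    try:
        # .hostname ignores any "user@" prefix, so "trusted.com@other.test"
        # is judged by the host the browser would really contact.
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ("invalid", None)
    if not host:
        return ("invalid", None)
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return ("trusted", domain)
    labels = host.split(".")
    for domain in trusted:
        # Trusted name used as a leading label of some other domain.
        if host.startswith(domain + "."):
            return ("lookalike", domain)
        # Compare every label suffix so "login.examp1e.com" is still caught.
        for k in range(len(labels)):
            candidate = ".".join(labels[k:])
            if 0 < edit_distance(candidate, domain) <= max_distance:
                return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ("https://portal.example.com/login",     # genuine subdomain
                   "https://examp1e.com/reset",            # one character swapped
                   "https://login.exampl.com/",            # one character dropped
                   "https://example.com@evil.test/",       # userinfo trick
                   "https://example.com.account-check.test/"):
        print(sample, "->", classify_link(sample))
```

This check only covers plain ASCII hostnames; visually similar Unicode characters would need separate handling.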

Spelling and grammar errors

Spelling and grammar mistakes are a common theme in phishing emails. However, with the rise of AI and copywriting tools, phishing emails have become more sophisticated, making these mistakes less common.

Request for personal information

The request to share confidential information is commonplace in phishing attacks. This could include anything from passwords, your name, email address, date of birth and account numbers to social security numbers or confidential company data.

What to do when you spot a phishing attack

Email remains a prominent means of communication in organisations across the world. Follow these precautionary measures to reduce your risk of falling victim to a phishing attack.

Verify communication through an additional channel

In a workplace setting, if you receive a request to share information that is classified as confidential with a colleague, check with your colleague to ensure the request has come from them. Additionally, check with your line manager to ensure they have authorisation to gain access to the information or file they are requesting.

Establish an information security policy

Your organisation is required to have an information security policy and General Data Protection Regulations and guidelines in place. Ensure these documents are regularly reviewed and updated in keeping with security stipulations.

Cyber security awareness training

Simply providing your employees with documentation isn’t enough to equip them with the knowledge they need to stay alert when it comes to cyber security threats.

Insight into your cyber security posture and consequent ongoing cyber security and awareness training will improve the cyber security arm within your business.

Get in touch to find out more about the steps we can take to help you improve your cyber security and reduce the risk of falling victim to social engineering attacks and other cyber threats.

Find out more about our cyber security services.