You probably worry about malware and viruses all the time. But how often do you worry about the actions you take that let those things into your network in the first place? Probably less often.
A threat actor is far more likely to exploit you than to exploit a technical vulnerability, yet most of us worry more about how clever the technology is than about our own habits. It's time to shift your thinking toward awareness of social hacking (social engineering) techniques and the theft they enable.
That's because social hacking is not just a physical security issue or an information security issue. It is, above all, a people issue.
Common Social Scams and Your Potential Losses
Social scams can take hundreds of forms. From the classic, obvious phishing scam via email (YOU'VE WON A BRAND NEW CAR!!! CLICK HERE!!!) to the subtle imitation of a financial institution on Twitter, each attack is aimed at getting you to take some action so the threat actor experiences some return. Whether they've convinced you to click a link and download malware onto your company network or they've coerced you into entering your banking credentials into their fake site, your loss is their benefit.
In fact, the most recent Ponemon cyber crime study found that "on average, cyberattacks cost companies $7.7 million in 2015, representing a 1.9% increase over 2014," and social engineering is one of the top 4 attack types. But it's not just businesses that lose out, though they often have the most to lose. You, as an individual, can also be taken for the metaphorical ride if you aren't hyper-aware of the tactics these threat actors use. You can lose your identity, your money, and your sense of security. There's not much worse than the last one.
So how do you avoid these types of scams?
Becoming Ever More Aware
Let's say you get an email from your boss. You think nothing of this. She emails you all the time. You quickly reply with an answer to whatever she requested. But you replied to the address that sent the email, and it turns out the domain was one letter off from your organization's domain. What could happen now? Any number of things. You may have just handed an attacker sensitive information, or the foothold they need to get into your network, and the results can be disastrous.
How could you have possibly avoided this? A healthy level of suspicion and fear is your closest ally.
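The lookalike-domain trick in the scenario above is something a mail gateway, or a cautious recipient, can check for mechanically. The following is an added example, not code from the original article: it parses the From and Reply-To headers of a message, pulls out the domains, and flags any domain that is within a couple of edits of the organization's own domain, or a Reply-To that silently differs from From. The organization domain `example-corp.com`, the sample message and the function names are all constructed for this example.

```python
import email
from email.utils import parseaddr

# Hypothetical organization domain used throughout this example.
ORG_DOMAIN = "example-corp.com"


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,          # deletion
                           cur[j - 1] + 1,       # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_domains(raw_message: str) -> dict:
    """Return {header: domain} for the From and Reply-To headers that are present."""
    msg = email.message_from_string(raw_message)
    out = {}
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if value:
            _, addr = parseaddr(value)
            out[header] = addr.rpartition("@")[2].lower()
    return out


def classify_domain(domain: str, org_domain: str = ORG_DOMAIN, max_distance: int = 2) -> str:
    """'internal' if it is the org domain, 'lookalike' if within max_distance
    edits of it, otherwise 'external'."""
    if domain == org_domain:
        return "internal"
    if levenshtein(domain, org_domain) <= max_distance:
        return "lookalike"
    return "external"


def check_message(raw_message: str, org_domain: str = ORG_DOMAIN) -> list:
    """Return a list of human-readable warnings for a raw RFC 822 message."""
    findings = []
    domains = sender_domains(raw_message)
    for header, domain in domains.items():
        if classify_domain(domain, org_domain) == "lookalike":
            findings.append(f"{header} domain {domain!r} is a lookalike of {org_domain!r}")
    # A Reply-To that differs from From is the classic way to redirect your answer
    # to the attacker while the visible sender still looks right.
    if "Reply-To" in domains and domains["Reply-To"] != domains.get("From"):
        findings.append(f"Reply-To domain {domains['Reply-To']!r} differs from "
                        f"From domain {domains.get('From')!r}")
    return findings


# Constructed sample message: the From address looks right, but replies go
# to a domain one character off ("l" replaced by the digit "1").
SAMPLE = """From: Jane Boss <jane@example-corp.com>
Reply-To: Jane Boss <jane@examp1e-corp.com>
To: you@example-corp.com
Subject: Quick favour

Can you send me the vendor bank details before lunch?
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARNING:", finding)
```

An edit-distance threshold of 2 catches single-character swaps, drops and insertions like the one in the scenario; it will not catch Unicode homoglyph domains (a Cyrillic "а" in place of a Latin "a" is a different string entirely), so a production check would also normalize internationalized domain names before comparing.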
Here's another simple scenario. You gladly post your cell phone number on a friend's Facebook status. (He got a new phone! What else would you do?) Two years later, you get a call from a "survey provider" asking about your internet service. They say they got your number from a list you signed up for, and they carefully manipulate you into giving up enough information to get into your home network or your online accounts.
You might even find a USB stick somewhere familiar (in your front yard, for example) and decide to see what's on it by plugging it into your laptop. The files could look totally innocuous, but without your noticing, you may have just installed a keylogger on your machine. Now the attacker can see every password you type, opening you up to theft.
Or you open the office early for a serviceman who says he's there to repair your server. He has a convincing ID badge and the right clothes. You let him in, and lose the entire server.
These scenarios are scarily realistic. Social scams happen to the smartest people, because healthy paranoia takes practice.
So, if you want to thwart social theft attacks, you have one priority: be afraid. Practice it. Live with it. If you can be consciously afraid of these types of attacks, you can protect yourself, and others, from your own actions. Fortunately, you don't have to do this alone. Instruction in the form of organized courses, for yourself or for your entire organization, can help.
Originally published on 11/25/2016
Topic: Cybersecurity, Social Engineering