IT Security Tips

Social Engineering

According to Wikipedia, social engineering in the context of IT Security refers to the psychological manipulation of people into performing actions or divulging confidential information, via the use of information technology platforms. 


In its simplest form, it's about taking advantage of other individuals to obtain information for personal gain, mostly financial.


Perpetrators use various techniques to manipulate the individual into providing information or data. Unfortunately, obtaining data such as personal passwords is the easiest way to hack into networks and systems. This is why it's important to understand the various ways you might be compromised and to be on high alert.


Curiosity killed the Cat

Social engineers often take advantage of individuals' curiosity, and it's through this curiosity that spam, viruses and other forms of social engineering take place. The most common social engineering attacks involve deceiving individuals by pretending to be someone else, sending them scam emails with various pretexts, or phishing.


According to Tripwire, there are five common social engineering attacks:


1) Phishing - An email is received asking individuals to check or log in to a particular site and enter personal details such as a username and password or, worse yet, credit card details. It may also ask you to click on a link which then downloads a virus or malware onto your machine, resulting in loss of data, stolen data (e.g. credit cards) or loss of revenue.


2) Pretexting - This is where attackers fabricate certain scenarios in order to steal personal information. An example is someone impersonating someone else (e.g. IT Support) to get access to your data.


3) Baiting - Quite similar to Phishing, but baiting promises the victim a "bait" if they provide the requested information. 


4) Quid Pro Quo - This also involves a promise, with services offered in exchange for information. A good example is where an individual pretends to be from an IT company and the victim provides them with their user credentials. Malware is then installed to gain access to your computer.


5) Tailgating - This is when an individual who does not have the right level of access tailgates, or follows, another individual in order to gain access to the building, office or data room.


Our Honest tips.


The best advice is to be very vigilant about how you use your email and other systems.


1) Make sure you have the latest antivirus software installed and all necessary security updates are downloaded.


2) If in doubt go without. Don't open any unknown emails or click on any unknown links. Best to hit the Delete button.


3) Check the email sender before responding. It may appear legitimate in the first instance, but validate to make sure.


4) Clear out your Spam Inbox as frequently as possible.


5) Check to make sure any application pop-ups are legitimate before installing. As above, if in doubt go without.


6) Keep your passwords safe. Use dual authentication where possible (more in the Apps section). Do not share passwords around the house and do not leave passwords exposed.


7) Be wary of strangers.


8) If it's too good to be true, it probably is, so delete that email.


9) Most organizations will never ask or call you for your passwords or credentials over email or telephone.


10) Keep your devices locked away.

