02
Aug

Taking advantage of Human nature…

What is a social engineering attack?

It is a way of getting your credentials, access to your systems and your data.  It is a combination of three main flaws of human nature.  An attacker will manipulate, influence or deceive a victim.

Manipulation

A stranger asks you leading questions that can appear benign, but they are designed to gather enough information to make educated guesses of your access credentials.  These questions can come in a phone call from “IT”, in an e-mail, face to face conversation and, the most pernicious, social media.  When asked to complete one of those game surveys, don’t.

Influencing

Have you ever had someone suggest a “free” virus scanner, a game or an app that you just HAVE to try?  If you don’t absolutely trust the person, they are attempting to influence you into installing a piece of malware on to your computer.  Why?  The code probably looks for personal information and then transmits it to the attacker or, even worse, turns your computer into a drone bot sending hundreds of emails and messages from your account.

Deception

“Well, they guys said he was from IT” was the defense a hapless employee used when confronted with a data breach that cost the company millions.  An attacker tailgated his way into the building and found the victim at his desk.  The bad guy was given permission to scan the computer to ensure it was correctly configured for the changes on the network, inserted a USB key, loaded the virus which bypassed the AV software and left.

Prevention

A little bit of paranoia can go a long way in preventing an attack of this type.  If you are working in a large company, follow their cybersecurity rules.  They have been thought out and implemented to prevent this kind of attack.

If you are working from home or just enjoying some social media and streaming time.  Keep yourself secure with a thorough review of your security.  When did you last change your password?  Are you using one of the most common passwords? Here’s a short list of other things you should do now.

  • Update your devices – Your PC, your phone and your tablet manufacturer issue regular updates for a simple reason. They are fixing issues that have been identified by others or their own developers.
  • Update your software – If you are running a browser, update it to the latest version. Your Anti Virus needs to have the signature files updated very regularly or it’s simply useless. Your operating system needs to be updated regularly (Yes, even Apple and Linux issue updates)
  • Ask for help – there are companies like Echo Cloud Solutions that will perform an assessment on your system and give you multiple options that can simplify your online life.