Posted on May 09, 2022
Gone are the days when the term phishing was associated with a leisurely Sunday afternoon activity and trees were the only victims of hacking. As we continue to make dramatic advancements in the digital and tech space, the threat of cybercriminals has grown significantly, and the methods used aren’t just limited to viruses and ransomware.
What is social engineering and how it is used in cyber-attacks?
When cybercriminals use social engineering tactics, they aim to psychologically manipulate their victims for their own gain. This often includes handing over sensitive information or transferring large amounts of money to an unknown account. These attacks can occur at any time, through text, email, phone calls and social media chat facilities.
What does a social engineering attack look like?
Social engineering attacks often appear to come from a trusted source such as a friend, relative or colleague. Or you may find they approach you as your banking, utility or broadband provider. The purpose of this impersonation is to gain your trust.
Phishing
Most phishing attacks aim to obtain personal information from the victim. These are often opportunistic and use fear tactics based on what’s happening in the world at the time, such as the COVID-19 pandemic. No two types of phishing attacks look the same so it’s important to remain constantly aware of this threat when working online.
Baiting
Very similar to phishing attacks, baiting uses the promise of free goods or services to encourage victims to hand over information. This tactic also takes advantage of our natural curiosity, asking us to click a link to uncover a mystery prize or access a piece of information.
Tailgating
Not all cyber-related attacks happen online. Tailgating attacks occur when a criminal attempts to access your office premises by tailgating an employee, playing on our instinct to be polite and hold the door open for the person behind us. Some criminals have even gone as far as to wear fake baby bumps to garner sympathy – because who would shut the door on a pregnant person?
Pretexting
Unlike phishing attacks which are usually conducted in mass, pretexting attacks try to build a believable scenario to establish trust before they try to obtain information. For example, you could receive an email from your CEO who states they’re about to enter an important meeting and need your password urgently to access a system. Or you may receive a call from your payroll team saying your payment didn’t go through this month and they need to check your account details. These types of attacks are designed to put pressure on the individual, so they act fast without careful consideration.
How to recognise a social engineering attack
Cybercriminals are changing their methods all the time, so there’s no exact formula that makes up a social engineering attack – but there are red flags to look out for.
These include:
How to protect yourself against a social engineering cyber attack
When it comes to protecting yourself and your business against cybercrime, you need to remain vigilant and think before you click.
Training
Ensure that your staff are up to date with the latest cyber training, implementing measures to ensure it remains at the forefront of their minds. If you have a near miss, let people know about it.
Anti-virus software
While it doesn’t make you immune to a cyber-attack, it helps to create an extra barrier of defence with well-reputed anti-virus software. Look at setting your spam filters to high – although keep an eye on your junk mailbox to ensure nothing legitimate slips through the net!
Check the sender
Encourage your staff to always check the source if an email seems suspicious. As well as checking the email address itself, recipients can hover over links (don’t click them!) to see where they lead.
Simulate social engineering events
It’s hard to know how you’re going to react to a social engineering attack until it happens. That’s why it’s a great idea to send test emails to your staff to see what they would do. Use this as a learning tool to educate them on what they should do if a real risk presents itself.
Monitor your digital footprint
Some of us tend to overshare on social media, giving hackers ammo to hack into our devices. But have you considered what you’re sharing outside of these platforms? For example, if your CV is online – are your address and phone number on this? Not to mention your old schools, interests… the list goes on. Think twice about what you share online.
Get Cyber Insurance
Despite nearly 40% of all UK businesses reporting at least one cyber attack in the last 12 months, businesses are still not taking the threat of cyber attacks seriously enough. Now, the Government are urging businesses to take steps to improve their digital resilience. Cyber Insurance is designed to protect your business in the aftermath of an attack, including investigation, data recovery, loss of income, reputation management and more. To discuss how you can better protect your business with dedicated Cyber Insurance, give Watkin Davies Insurance Consultants Ltd a call on 02920 626 226.
"Just could not have been more helpful! A pleasure to speak to a ‘real person’ who knew what they were talking about!"
"Excellent service from Watkin Davies as per usual. I love the way they do all the hard work researching best quotes and provide you with your options. All the staff are very friendly and professional, I have to highlight Ceri who always does a fantastic job for me and my family."
"Very efficient, always friendly and helpful. I have used Watkin Davies for years, and they have always been competitive. I received great support recently when I had to make a claim, so I'd highly recommend them."
"I'm a returning customer to InstructorcoverPlus and what a wonderful experience. Emma is new to her role but she was very helpful and polite throughout. She got the quote done very quickly and managed to beat all my other quotations. I therefore didn't have to waste any more time. Further she offered me three instalments at 0% which is helpful in this current economic climate. The paperwork was sent straight away. Highly recommended."
"I have used InstructorcoverPlus for my driving tuition insurance for a number of years. Their prices are always competitive and everyone I speak to is friendly and helpful."
"I was very impressed with the quality of the service - it was outstanding. The advisor, Ms Spear went above and beyond to give me the best driving insurance policy. The policy I have received is exactly what I was looking for. Thank you so much Ms Spear!"
"Really helpful and efficient customer service, friendly and knowledgeable too. I would highly recommend InstructorcoverPlus."
"I've used Instructorcover Plus for my driving instructor insurance for a number of years. Not only are prices competitive, even at renewal, but customer service is fantastic. Call operators are always cheerful and incredibly helpful. Everything is always sorted in a single call, saving valuable time. Highly recommend."