Whether you realize it or not, you and your employees or co-workers are all prone to being taken advantage of by social engineering scams. For example, recent news reports say that Russian hackers targeted one Yahoo employee with a spear phishing email, a known successful social engineering scam, and gained access to a billion email accounts.
Fortunately, by learning about some of the popular social engineering scams out there, and how to avoid them, you can keep yourself safe. Here are some of those scams:
They Try to be Friends with You
One of the main social engineering scams is to try to be friends with you. This is called “affinity social engineering.” They often do this by sharing common connections such as hobbies, interests, sports, or activism. Once you trust them, they know that they can slowly get sensitive information from you.
They Use Bots
Another way that social engineers make a victim of you is by using malicious bots. These bots infect your web browsers and then hijack your surfing sessions, which can compromise various sites you are a member of. From there, they can send messages to your friends, who believe the messages are from you, and your friends become victims, too.
They Use Love
Social engineers will also use the promise of love or sex to lure victims. This is known as “sextortion.” For instance, they might convince you to share compromising photos, and then use them to blackmail you.
They Use Moles
Some social engineering scams target entire companies, and one method is to use moles who apply for and get a job specifically to steal information. These moles are highly knowledgeable, and once they are hired into companies, they collect confidential company information.
They Use Recruitment
Speaking of business, social engineers will also use recruitment techniques and target job seekers. Most job seekers wouldn’t find getting contacted by a recruiter unusual, especially if they have their resume posted to a job website.
Protecting Yourself from Social Engineering Scams
Now, you know some of the main social engineering scams, but you don’t yet know how to protect yourself and your business. One of the ways that you can protect yourself is by making sure that your network is being monitored and is protected by anti-virus and anti-malware software. But that’s not nearly enough. Here are some additional preventative measures that you should take, as well.
- Put policies in place for your staff at work, and even for your family at home, to prevent or limit damage. For instance, an innocent click of the mouse could lead to disaster if it’s a trick. Teach your employees and your family how to recognize these tricks through policy and training.
- Seek out “phishing simulation.” There are numerous free and paid options to phish those who may be the weakest link in the chain.
- Sometimes, these things must be handled with sensitivity, such as in the case of sextortion. It’s best to address these situations with a combination of HR, law enforcement, and legal actions. Employee awareness and intervention can also help to limit any potential damage.
- It also might be worth it to consider monitoring products, such as those that can detect browser changes and bot behavior.
You should also consider additional layers of security, such as identity theft protection. While identity theft protection won’t protect an individual or organization from social engineering, it will act as a bodyguard in case all else fails and an employee’s identity is stolen.