The Tell Tale Signs of Social Engineering

Author: Craig Pollack Date: Nov 29, 2017 Topics: Cybersecurity

It's scary to think that it's much easier for an attacker to exploit a victim’s natural inclination to trust than it is to find ways to hack their systems. Organizations can avoid many attacks by properly training employees on social engineering tactics and implementing an effective and ongoing user security awareness training and testing program.

In today’s connected world, a healthy dose of paranoia might save you from the serious damage that hackers, ransomware, malware, and viruses could cause once they get into your network.

Question: “What are some common signs of social engineering attempts such as phishing or click baiting, and how can organizations prevent these types of attacks?”

Answer: The first rule of thumb when it comes to social engineering is: if something seems “phishy,” it probably is.

Cybercriminals often try to manipulate individuals into giving up their passwords, bank information, and other personal information through social engineering tactics. One of the most common examples of these attacks is an email or message that appears to be from a colleague or a friend.

Here are a few tips for recognizing and avoiding social engineering tactics:

  1. Less urgency, more caution: Slow down and read messages thoroughly before clicking on anything. Spammers try to take advantage of impulsive users who act before they think.
  2. Requests and offers are usually fake: Legitimate organizations do not offer to provide help without a specific request for assistance. Any offer to “help” restore credit scores, refinance a home, answer questions, etc., is a scam. The same is true of requests from charitable organizations. If you don’t have a relationship with the organization, delete the email.
  3. Never give out personal information: This seems obvious, but it must be said. If a message asks for personal or financial information, it's a scam.
  4. Use password management software: These programs are necessary to keep all of your passwords organized, but also act as a phishing safeguard. They will only fill in your credentials when you visit the actual domain where they are used. 
  5. Links and downloads are dangerous: If you don’t know the sender personally and aren’t expecting a file from them, downloading anything is a mistake. Even when the sender appears to be someone you know, check with that person before opening a link or downloading. For most non-technical users, a well-orchestrated phishing email attack is practically impossible to discern from a genuine email.
  6. Spam filters on high: Every email service offers spam filters. Set these on high, and remember to check your spam folder periodically to see if legitimate emails accidentally get trapped in there.
  7. Antivirus software is your friend: Make sure your antivirus, firewall and email filters are all kept up to date. Anti-phishing tools offered by web browsers or third parties can also help with potential threats.
  8. Security awareness training: This is THE best way to continuously keep users informed about the types of attacks they will face. Many training programs can also test users’ ability to defend themselves and their organizations against infection and compromise.
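
Tip 4 says a password manager only fills in credentials on the actual domain where they are used. The sketch below is an added illustration of that check, not code from this post or from any real password manager; the vault entries, usernames and URLs are constructed sample values.

```javascript
// Added illustration: simplified origin matching for credential autofill.
// Constructed sample vault: each login is bound to one exact HTTPS origin.
const vault = [
  { origin: "https://bank.example", username: "alice" },
  { origin: "https://mail.example", username: "alice@mail.example" },
];

// Reduce a URL to scheme + host (+ non-default port) with the platform URL parser,
// so paths, query strings and letter case cannot influence the comparison.
function originOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    if (u.protocol !== "https:") return null; // never fill over plain HTTP
    return u.origin;
  } catch {
    return null; // unparseable address: nothing to match against
  }
}

// Return the username to fill, or null when the page is not the saved site.
function credentialsFor(pageUrl) {
  const origin = originOf(pageUrl);
  if (origin === null) return null;
  const entry = vault.find((e) => e.origin === origin);
  return entry ? entry.username : null;
}

// Constructed addresses: two genuine, three that only look right to a hurried reader.
const visited = [
  "https://bank.example/login",              // genuine
  "https://BANK.example:443/login?next=/",   // genuine, normalises to the same origin
  "https://bank.example.login-check.test/",  // saved name used as a subdomain prefix
  "https://bank-example.test/login",         // similar-looking but different domain
  "http://bank.example/login",               // right host, unencrypted
];

for (const url of visited) {
  const user = credentialsFor(url);
  console.log(`${url} -> ${user === null ? "no autofill" : "fill as " + user}`);
}
```

When the manager stays silent on a page that looks like a site you have saved, that silence is itself a sign to stop and check the address.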

Without a doubt, social engineering tactics are designed to take advantage of a user’s trust. Be on your toes when sifting through emails and messages.

And remember, if something seems phishy, it probably is.

FPA offers a comprehensive cyber security user awareness training program that's simple, thorough, and provides recurring testing with minimal interruption to your staff's workload. The best part is that, because we run it, it doesn't put any additional burden on your time. If you'd like to discuss this in more detail, please feel free to contact us.

We'd love to hear from you. Please share your social engineering war stories in the Comment box below or shoot me an email if you’d like to chat about this in more detail.


Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.