Security Monday: Social Engineering
Welcome to week four of our ‘Security Monday’ top tips. The topic this week is ‘Social Engineering’ and we have some tips from our Security Lead Jaabeer.
We suggest that you share these top tips with your staff to keep all of your data super secure. Make sure you check out last weeks article on ‘Ransomware.’
Social engineering is the psychological manipulation of users to disclose information or access to attackers. This is probably the most effective TTP (tactics, techniques, procedures) within the InfoSec world.
Almost all cyber attacks have used some form of social engineering such as phishing scams, forging websites, annoying pop-ups, tailgating etc.
Malicious attackers use a variety of techniques to make social engineering more effective such as:
- Establishing trust
- Using authority (e.g. impersonating an important staff member or government organisation)
- Generating urgency – (e.g. the well known HMRC scam which claims a limited amount of time for a tax refund)
Be wary of the above techniques when receiving emails or any form of electronic messages. Always check the legitimacy of messages before responding.