How to Defend Against Social Engineering Attacks

Movies and TV have taught us that shady hackers need to use massive computer power to break into computer networks. In reality, old-fashioned con artists’ tricks – which are now frequently called social engineering – are a real and often unrecognized threat to the IT resources at most businesses.

How to Spot Social Engineering Threats

Unexpected phone calls asking for access. A very common scam starts with a sudden phone call from “the support team” at a large software or hardware vendor. There will normally be one of two main reasons given for the urgent call: 1) your machine has sent out a virus alert or 2) you have expired licenses for software. Both situations are presented as needing immediate attention, but neither is true.

The caller will then ask you to allow them to take over your PC using a remote connection to remedy the situation. This becomes their opportunity to install malicious software and do other nefarious things to your machine that they will turn around and “fix.”

Unexpected emails from friends or colleagues. Another common tactic is to gain access to a friend or colleague’s email or social media accounts to send out scam links and downloads.

Look closely at the URLs in email links to see if the link text matches the link destination. A mismatch is often a giveaway of a scam: scammers frequently don’t consider it worth the extra effort to mask the links, so they count on victims not noticing the difference.

The same thing goes for email attachments; these need to be from someone you know and need to be something you are expecting. A malicious download is something that could damage your entire network.

Urgency is a big red flag. Creating a sense of urgency puts pressure on potential victims, so that scams that would be obvious if there were time to stop and think get through. “Problems” that need to be solved right now are often leverage to push a scam past you.

Serious social engineers will do their research using social media. The person on the other end of the phone may sound like they know what they are talking about when they are discussing your business and your colleagues. Make sure you know who you’re talking to even if they sound like they have the inside scoop on your organization.

What You Can Do to Protect Your IT Network

Educate your team about the problem. Making sure your employees know social engineering is a real issue and that they are on-guard is one of the best ways to stop it.

Pause and call people back. Scammers will make it sound like the world will end if they aren’t given access to your PC to “help you” right then and there. As we said earlier, that unexpected urgency is a clear giveaway of a potential scam. If you’re concerned there may be a problem, tell the caller you will call back using published corporate support numbers and hang up.

Consistently adjust spam filtering and secure your network with ongoing protection. Firewall, anti-virus and malware protection are necessary parts of doing business in today’s connected world. It’s hard to do it yourself because of the speed with which new threats continually arrive. Marathon offers ongoing IT consulting and support for a broad range of clients and would love the opportunity to see if we can help you.

If you get tricked, let your IT provider know right away. These kinds of scams rely on tricking smart people who are just too busy. If you do get fooled, don’t let any embarrassment prevent your IT team from being able to protect your company’s network and data. We’ve seen it all and will get right to work helping you get things fixed and determining what needs to be done to prevent future issues.
