You have barbed wire fences around your house, burglar bars on your windows, alarm systems, armed response security and locks on all your doors… None of this matters if you always trust the person at the gate who says he is delivering a parcel from the courier company. If you trust the person at face value and let him in without checking that he is legitimate, you are totally exposed and vulnerable to whatever risk that person presents.
Your email gate receives couriers and imposters delivering parcels every day. They have perfected the art of manipulation to lure you into giving up confidential information.
These social engineers trick you into giving them your passwords and bank information. They obtain data which is used to get access to your computer to secretly install malicious software that will give them eyes on all you do on your machine.
Typical Social Engineering Attacks
Email from a friend
Once a social engineer knows your email password, he has access to your contact list, and if you are using the same password everywhere, he will have access to your social network contacts as well. Emails can be sent to all your contacts and social messages spread to friends’ friends.
Why will you open these messages? Because they come from someone you know.
1. The link – you open the link in the mail because you know and trust the source and you are curious to read what it is all about. Your machine is infected with malware, the criminal takes over and collects all your contacts’ info to deceive them just as your contact was deceived.
2. The download – photos, music and documents can have malicious software embedded. You download because you know and trust the contact; you unknowingly give the social engineer access to your machine, email, social networks and contacts, and the attack spreads further.
3. The request for help – your friend had his wallet stolen and is stranded in a parking lot. He needs you to send money to the building’s parking facility and gives you the banking details to transfer the money to – directly into the criminal’s account.
4. The charitable cause – the festive season is upon us and charities ask for donations, providing their banking details for EFTs. Typically, these donation request emails or text messages appear to come from legitimate institutions you are familiar with.
5. The disaster recovery plea – preying on your kindness and generosity, emails ask for aid for recent disasters that are front-of-mind and all over the news.
6. The winner announcement – the email claims you are the millionth visitor to the site and, in order to claim your prize, you must provide information – your ID number and banking details. You have just given away your identity, and your bank account has been emptied.
7. The best deal – on a classified site you are impressed by the seller’s good rating, click on the deal, infect your machine with malicious software, or just lose your money without ever receiving the goods.
8. The help offered – social engineers pick companies that many people use, such as software companies, and answer general questions while offering further assistance. If you don’t use the software, you will ignore the email, but if you do, you will respond because you could do with some clarity on certain aspects. The “representative” from the software company will ask you to authenticate yourself by logging into their system so they can assist you, or give you commands to fix the problem yourself – these commands can open avenues for the criminal to get back into your computer at a later stage.
Avoid Being The Victim
Spammers love urgency
If the message uses pressure sales techniques – only one hour left before this fantastic opportunity is gone forever – slow down, and don’t let the urgency factor prevent you from carefully checking the email’s origin. According to insider threat research in the UK, the biggest human factor in sending emails in error is ‘rushing’ (68%).
Do research
If the email looks like it comes from a company you know and communicate with, but you did not start an email trail with them recently, go to their website and find a contact number to verify the request.
Ignore requests for financial information, help or offers to help
If you are asked to reply with personal information, it is a scam. Consider any offers of help from a company to restore credit or re-finance your car as a scam. If a charity asks for help on email, delete.
Avoid careless clicking
Find the website from the email link using a search engine to be sure you land where you intend to land. Hovering over a link in an email will show the actual URL at the bottom of the window, but a good fake can still take you to a dodgy page.
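The hover check above can also be automated on the receiving side. The following is an added example, not part of the original post or any ENHALO or Mimecast product: it parses the anchors in an HTML email body and flags the mismatches a reader is meant to spot by hovering, such as visible text that names one host while the link goes to another, a username-style prefix that hides the real host, an IP-literal host, or a punycode hostname. The sample email body, the hostnames in it and the helper names are all constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample HTML email body (not from the original page): one honest link,
# one whose visible text names a bank but whose href goes elsewhere, one that hides
# the real host behind a userinfo prefix, and one with an IP-literal host.
SAMPLE_EMAIL_HTML = """
<p>Your statement is ready. <a href="https://www.example-bank.com/login">View it here</a>.</p>
<p>Or click <a href="http://secure-login.example.net/bank">https://www.example-bank.com</a></p>
<p>Update details: <a href="https://www.example-bank.com@203.0.113.5/">account portal</a></p>
<p>Support: <a href="http://198.51.100.7/help">Help centre</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lower-cased host of a URL; accepts bare 'www.example.com' display text."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
HOSTNAME_LIKE = re.compile(r"^(www\.)?[\w-]+(\.[\w-]+)+")


def assess_link(href, text):
    """Return a list of warnings for one anchor; an empty list means nothing looked suspicious."""
    warnings = []
    parsed = urlparse(href)
    href_host = (parsed.hostname or "").lower()
    # 'https://bank.example@evil.example/' : everything before '@' is userinfo, not the host
    if parsed.username is not None:
        warnings.append("userinfo before host: the real host is %s" % href_host)
    if IPV4.match(href_host):
        warnings.append("IP-literal host %s" % href_host)
    if href_host.startswith("xn--") or ".xn--" in href_host:
        warnings.append("punycode host %s" % href_host)
    # Visible text that looks like a URL or hostname but points to a different host
    if "://" in text or HOSTNAME_LIKE.match(text):
        text_host = host_of(text)
        if text_host and text_host != href_host:
            warnings.append("display text says %s but link goes to %s" % (text_host, href_host))
    return warnings


def scan_email(html):
    """Return {href: [warnings]} for every anchor that raised at least one warning."""
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for href, text in collector.links:
        found = assess_link(href, text)
        if found:
            findings[href] = found
    return findings


if __name__ == "__main__":
    for href, warns in scan_email(SAMPLE_EMAIL_HTML).items():
        print(href)
        for w in warns:
            print("  -", w)
```

Run against the constructed body, the first link passes and the other three are reported. The checks are deliberately simple heuristics that a mail filter or awareness tool could run before the user ever hovers; they do not replace the advice to reach a known site through a search engine or a saved bookmark rather than through the link in the message.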
Foreign offer
A foreign lottery or sweepstakes email is always fake.
Secure Your Device
To tackle social engineering attacks, ENHALO (Pty) Ltd (previously known as Evolv Networks) recommends Mimecast Secure Email Gateway technology – multi-layered protection with 100% anti-virus and 99% anti-spam levels.
Social engineering breaches are growing more and more sophisticated, and the struggle to mitigate the risks caused by user behaviour will continue.
Never underestimate the power of human error; the advanced Mimecast Secure Email Gateway at least acts as an additional line of IT defence.
Stop potential imposters from entering your email gateway – ask ENHALO for innovative applications to keep your data safe and attackers out.