Social Engineering Attacks – imposter at the door

You have barbed wire fences around your house, burglar bars on your windows, alarm systems, armed response security and locks on all your doors… None of this matters if you always trust the person at the gate who says he is delivering a parcel from the courier company. If you trust the person at face value and let him in without checking if he is legitimate, you are totally exposed and vulnerable to whatever risk that person presents.

Every day, your email gate receives couriers and imposters delivering parcels. They have perfected the art of manipulation to lure you into giving up confidential information.

These social engineers trick you into giving them your passwords and bank information. They obtain data which is used to get access to your computer to secretly install malicious software that will give them eyes on all you do on your machine.

Typical Social Engineering Attacks

Email from a friend

Once a social engineer knows your email password, he has access to your contact list, and if you are using the same password everywhere, he will have access to your social network contacts as well. Emails can be sent to all your contacts and social messages spread to friends' friends.

Why will you open these messages? Because they come from someone you know.

1. The link – you open the link in the mail because you know and trust the source and you are curious to read what it is all about. Your machine is infected with malware; the criminal takes over and collects all your contacts’ info to deceive you as your contact was deceived.

2. The download – photos, music and documents can have malicious software embedded. You download, again because you trust and know the contact, and you unknowingly give the social engineer access to your machine, email, social networks and contacts, and the attack spreads further.

3. The request for help – your friend had his wallet stolen and is stranded in a parking lot. He needs you to send money to the building’s parking facility and gives you the banking details to transfer the money to – directly into the criminal’s account.

4. The charitable cause – the festive season is upon us and charities ask for donations, providing their banking details for EFTs. Typically, these donation request emails or text messages appear to come from legitimate institutions you are often familiar with.

5. The disaster recovery asking for help – preying on your kindness and generosity, emails ask for aid for recent disasters that are front-of-mind and all over the news.

6. The winner announcement – the email claims you are the millionth visitor to the site and, in order for you to claim your prize, you must provide information – your ID number and banking details. You have just given away your identity and your bank account has been emptied.

7. The best deal – on a classified site you are impressed by the seller’s good rating, click on the deal, and either infect your machine with malicious software or just lose your money without ever receiving the goods.

8. The help offered – social engineers pick companies that many people use, such as software companies, and answer general questions while offering further assistance. If you don’t use the software, you will ignore the email, but if you do, you will respond because you could do with some clarity on certain aspects. The “representative” from the software company will ask you to authenticate yourself by logging into their system so they can assist you, or give you commands to fix the problem yourself – these commands can open avenues for the criminal to get back into your computer at a later stage.

Avoid Being The Victim

Spammers love urgency

If the message uses pressure sales techniques – only one hour left before this fantastic opportunity is gone forever – slow down; don’t let the urgency factor prevent you from carefully checking the email origin. According to insider threat research in the UK, the biggest human factor in sending emails in error is listed as ‘rushing’ (68%).

Do research

If the email looks like it comes from a company you know and communicate with, but you did not start an email trail recently, go to their website and find a contact number.

Ignore requests for financial information, help or offers to help

If you are asked to reply with personal information, it is a scam. Consider any offers of help from a company to restore credit or re-finance your car as a scam. If a charity asks for help by email, delete the message.

Avoid careless clicking

Find the website in the email link using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still take you to a dodgy page.
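The two manual checks described above, where the email really comes from and where a link really goes, can be automated on a mail gateway or in a triage script. The sketch below is an added example, not code from this article, ENHALO or Mimecast; the sample message and all of its domains are constructed placeholders.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); every domain is a placeholder.
SAMPLE = """\
From: "Your Bank" <support@bank.example>
Reply-To: claims@mailbox.invalid
Content-Type: text/html; charset="utf-8"

<p><a href="http://login.phish.invalid/verify">https://www.bank.example/login</a>
or see our <a href="https://www.bank.example/help">help page</a>.</p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # links: (href, visible text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    """Hostname if value looks like a URL or bare domain, otherwise None."""
    url_like = "." in value and len(value.split()) == 1
    return urlparse(value if "//" in value else "//" + value).hostname if url_like else None

def review(raw):
    """Return findings: Reply-To vs From domain, and link text vs real target."""
    msg, findings = message_from_string(raw, policy=policy.default), []
    sender, reply = (parseaddr(str(msg.get(h, "")))[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    if reply and reply != sender:
        findings.append(f"reply-to domain {reply} differs from sender domain {sender}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        shown, actual = host(text), host(href)
        if shown and actual and shown != actual:
            findings.append(f"link shows {shown} but opens {actual}")
    return findings
```

A link whose visible text is plain words ("help page") is not flagged, because there is no displayed address to compare against; that case still needs the search-engine check described above.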

Foreign offer

A foreign lottery or sweepstakes email is always fake.

Secure Your Device

To tackle social engineering attacks, ENHALO (Pty) Ltd (previously known as Evolv Networks) recommends Mimecast Secure Email Gateway technology – multi-layered protection with 100% anti-virus and 99% anti-spam levels.

Social Engineering breaches are growing more and more sophisticated and the struggle to mitigate the risks caused by user behaviour will continue.

Never underestimate the power of human error; the advanced Mimecast Secure Email Gateway at least acts as an additional line of IT defence.

Stop and prevent potential imposters from entering your email gateway – ask ENHALO for innovative applications to keep your data safe and attackers out.
