Protect Your Company By Educating Employees.
It’s a typical day at the office. Everyone is hard at work at their desks, when one of your employees gets an email from a friend. It says: “Check out this link. You gotta see it!” He clicks and sees some nonsensical images or text while malware starts downloading on his computer. Your company has just been hacked by a criminal posing as someone else.
Social engineering is a method of cyber-attack that involves getting people to take a specific action that lets a criminal in your virtual door. Although their tactics vary, these thieves get people to trust them by posing as a business contact or a friend, stealing passwords, account information or access to their computer in the process.
Regardless of how strong your security is, if employees aren’t careful about who or what they trust while using company resources, your IT is at risk.
Vermont Connections provides social engineering prevention with advanced training for your company staff. By educating people about common tactics, we can help you keep your organization sealed off from thieves who pretend to be someone else.
Emails from a known contact
When a friend or colleague gets hacked, the perpetrators can easily send emails from his or her account. They will often send a message that’s designed to provoke your curiosity, asking you to check out a link or download media. Other times you may get an urgent sounding email from a friend, asking for money because of some personal emergency or compelling you to donate to a charitable cause. These requests are often social engineering attacks in disguise.
These messages come in a variety of forms, including email, comments, texts or instant messages. They usually look like real communications from an institution you do business with, including banks and business partners. These messages, which often include branding graphics and language that look legitimate, will ask you to send information to “verify your account.” These requests usually come with a warning about undesirable consequences if you don’t follow through with the information, trying to get you to act quickly and without question.
Customer service “responses”
In these situations, thieves pretend to be a customer service representative of a company you do business with, responding to a request for assistance. Even though you never asked for help, chances are good you may need help with something at that moment, and volunteer your account information for “authentication purposes.”
These are just a few examples of the ways social engineers steal information by violating someone’s trust.