What is Social Engineering | Jupiter IT Support Hull, Scunthorpe, Leeds
  Close

Blog

What is Social Engineering

What Is Social Engineering?

What is Social Engineering

Social Engineering is the ever-growing art of manipulation in the world of cyber crime. Hackers recognise that staff members are the first line of defence for a business when it comes to cyber security and they’ve devised many techniques, under the Social Engineering umbrella, to attack that defence.

The approach behind Social Engineering is to take advantage of your natural tendencies and emotional reactions; your typical hacker keeps it techy, looking for vulnerabilities in software as a way-in, while a Social Engineer will boldly pose as tech support, asking outright for login credentials, playing on your human desire to help others.

While we’d all like to think we’d spot a Social Engineering attempt, these people are good at what they do – so good that as many as 54% of businesses have fallen victim to a Social Engineering cyber attack during the last year.

How to Spot a Social Engineering Cyber Attack

We mentioned earlier the many techniques of Social Engineering; in fact, there are 5 popular approaches. Here’s what to look out for:

#1 Phishing

We’re sure you’ve heard this term; it’s a well-publicised technique but despite its notoriety, it’s still often successful.

A phishing email will look legit – usually from a bank or online payment system – and there will always be a request for you to click a link or open an attachment. You’d spot it a mile off, right? But don’t forget, these cyber criminals are using the art of manipulation; the content of the email is likely to be designed to strike panic – your account has been locked, or there’s a report of suspicious activity on your account, you have to log-in now to rectify the situation… it’s easy to fall for.

What to look out for:

The key to spotting these phishing attempts is to take your time; check the layout, company logo, and read the content carefully for spelling mistakes. Then dig deeper; check the sender name and even click on the sender to reveal the email address behind it – it’s here you’re likely to find the obscurity. If you’re unsure in any way, give the company/organisation a call and run it past them – making sure to search for their contact details online and not taking them from the email itself. But most important of all, never click the link you’re being directed to unless you know it’s legitimate.

Learn more about Phishing

#2 Baiting

This technique is exactly as it sounds and depends on a victim taking the bait, resulting in their tech becoming infected with malicious software that could even spread to their contacts.

What to look out for:

Something is offered for free, a ‘great deal’ that’s just a little too good to be true, or a link that you only want to click because you’re intrigued… ‘This is just too weird – take a look’. Anything like this triggers an emotional reaction and can cause victims to click on impulse. Stop, think… could it be fake?

#3 Contact Spamming

If a hacker gains access to a victim’s email account, it’s just the beginning; this also gives them access to all their contacts and if like a lot of people, they use the same password for their social media accounts, they also gain access to all their contacts here too, so you could receive some unexpected messages.

What to look out for:

You might receive an email or a direct message, seemingly from someone you know, telling you to click a link – ‘Check this out – it’s cool’ – it’s not cool. It’s malware.

If the message seems out of character, it’s probably not from them at all and their account has been compromised. Give them a call and run it past them – if it’s not from them, they need to change their passwords as soon as possible.

#4 Spear Phishing

This approach is much like phishing with a smattering of contact spamming, except it’s targeted and personal. Employees in financial roles or HR roles can often be targeted for this but ultimately, anyone can be at risk

What to look out for:

Your company director has unknowingly had their email account compromised, giving a Social Engineer access to all their contacts throughout the business.

You then receive an email from the director requesting bank log-in details, or bank account details for all members of staff – the email addresses you by name, the sender is the company director and you have that human desire to help – why wouldn’t you divulge this information?

Consider how you communicate within your business and be sure to implement processes whereby requests for confidential information are always discussed in person.

#5 Vishing

Phishing with even less shame (if that’s possible) – the Social Engineer picks up the phone and calls their victims. Being put on the spot gives you less time to consider the situation carefully and out of politeness, you’re more likely to hand over valuable information freely.

What to look out for:

You might get a call from a supposed co-worker – new or from another site – asking for help. They need log-in details or important information on the company. If you feel uncomfortable, try sneaking in some questions of your own that might help you identify if the call is legitimate.

While most cyber attacks are a one-off occurrence, it’s worth considering that some Social Engineers go in for the long-haul and the Vishing technique is the perfect approach for this. Known as farming, some cyber criminals build a relationship with a member of staff and string them along for as long as possible, getting as much information as possible along the way.

You might say, Jupiter IT are on a mission

With cyber crime on the rise, we’re committed to raising awareness and helping other businesses to polish their cyber security to the point of perfection. Offering cyber security in Hull and the surrounding areas, we provide free, content rich, cyber security training for all our clients and their staff. At Jupiter IT, we are proud to hold the prestigious Cyber Essential Plus Certification and as experts in this standard, can help you become certified too. To find out more, drop us a line – we’re waiting to share our expertise with you.

Have you tried turning it off and on again?

Sometimes the simplest actions bring the best results, whereas other problems may seem impossible to fix. We’re here to get everything up and running again in no time at all, also offering straightforward advice to keep your business going from strength to strength.

Get in touch!

Engineer installing a hard drive. Jupiter IT. IT support Hull

Subscribe to our newsletter