Social Engineering has been all over the news recently, but what does it actually involve and more importantly, how can we protect ourselves?
What is Social Engineering?
Social Engineering is the gaining of access of data using human interaction, opposed to more traditional hacking techniques such as code breaking or brute force (trial and error) attacks.
For example, instead of using the aforementioned hacking techniques; a social engineer may ring you and pose as your bank, or even companies such as Microsoft, requesting passwords or pins regarding ‘unusual activity’ on your unsuspecting PC. However, once this information is revealed will scam and inspect your PC for sensitive data, attempting fraud, even encrypting files and requesting money for access.
Surely I Wouldn’t Fall for That… Right?
You could be mistaken.
Although obvious in retrospect, it’s far easier than you think to be fooled.
Imagine at the end of a tiring day, your phone rings. It’s Microsoft (or BT, or Virgin, or work), and they believe your computer is at risk; a potential virus could be attacking your PC as you speak, all the family holiday photos and your bank details endangered. They request your password- so of course you tell them.
But something feels wrong; they sounded professional enough but…
Social Engineering has claimed another victim.
What Can I Do to protect myself?
Don’t ever feel pressured, rushed or scared into revealing any information. Whoever is asking you, whether genuine or non-genuine, remember, it’s not a life or death situation. Take your time to think and double check that whoever they say they are is genuine and question why they would need the information they are asking for, don’t be shy to be firm, just say no, take their details and say you will call back. Then call wherever they say they are from on a number that you know to be genuine (i.e. on your last BT bill) and explain the situation – do not call them back on the number they gave you or a number you googled.
As a rule of thumb, Microsoft will never genuinely call you and ask for any personal information – the only time Microsoft might call you is if you have logged a support request with them. The same applies for BT, Virgin etc. – although they could detect suspicious internet usage, they tend to email you about it and NOT offer any help by phone.
If you receive an email from your boss (or someone pretending to be your boss) asking for a password, pick up the phone and call them and just explain that you are not comfortable revealing this information by email – they will appreciate you taking the extra precaution if it was a genuine request. The same goes for any emails asking for financial help from friends & family – it might just be someone pretending to be them – just pick up the phone and call them to check before you depart with any money!
Too late / think you might have already been conned?
Don’t panic and please don’t feel silly for falling for any scams, it really can happen to ANY of us.
Call your bank if you made any payments, explain the situation and get it cancelled. Even if you don’t get your money back, or at least not immediately, you are helping to alert the bank of the scam and therefore helping other people. Change any passwords you have revealed immediately as well as password recovery details.
If you allowed the “social engineer” access to your computer, book it in for a health check to make sure no malicious software or malware has been installed and no firewall ports opened.
Depending on the type of social engineering scam you were a victim of, get in touch with the police as well and see what they can do, even if it might just be raising awareness so other people do not fall for it.
If you need help, just get in touch!