Pub.11 2022 Issue2

Summer | 2022

claiming to be from a trusted source. For example, an attacker can send an email that appears to come from the chief financial officer at one’s bank. In this email, the attacker could ask the recipient to send wiring information or to visit a linked site that asks the recipient to provide information such as a social security number, full name, and address.

• Tailgating: This type of social engineering tactic is a physical attack. This attack allows the perpetrator to access a restricted location by closely following an authorized user into a secured area without being noticed.

• Baiting: This mode of attack offers something enticing to the victim to lure them into the social engineering trap. The attacker will often include gift cards to trick the user into completing a survey form where credentials must be provided. Afterward, a form of malware is downloaded onto the user’s device or server.

How to protect against social engineering attacks

The best way to protect against social engineering attacks is to provide end-user training to employees. While the attacks manipulate human interactions using curiosity and fear, having employees informed of these types of attacks will help protect the organization. Below are helpful prevention tips to protect organizations against such attacks:

• Research any emails that may come from “someone” in or out of your organization.
• Don’t open any links or attachments that come from an unknown source.
• Be cautious of any requests marked “urgent” and requesting immediate help.
• The most important tip is that if an employee has any doubts, they should know who to contact to confirm any suspicious emails.

1 https://www.isaca.org/resources/glossary
2 https://www.cloudwards.net/cyber-security-statistics/

Jonathan has three years of professional experience in Information Technology. He is a graduate of Texas Tech University, where he received a B.B.A. in Information Technology with concentrations in App Development and Cyber Security. He now configures and maintains the security appliances in our audits, performs vulnerability reporting and social engineering phone calls, and collects data during CoNetrix Security audit projects.

Social engineering is an umbrella term for the many ways hackers attempt to manipulate vulnerable targets.
