What is social engineering and how can you protect your organization?

Mar 28, 2019

Social engineering is a broad term covering several kinds of attack in which a bad actor manipulates people into giving up their confidential information.

Rather than hacking someone’s account, masters of social engineering work to acquire sensitive information by gaining the victim’s trust.

The main philosophy of social engineering is that it’s easier and more effective to exploit the natural human tendency to trust than it is to hack an account using brute force or other means of password cracking.

Types of social engineering attacks

Social engineering has proven to be a very successful way for a criminal to “get inside” your organization. It can happen online or offline, either by acquiring sensitive information or by physically entering a facility. Here are some common schemes:

Phishing

Classified as a cybercrime, phishing occurs when someone tries to lure a target by posing as a legitimate source in order to obtain sensitive information such as usernames, passwords, bank and credit card information. Targets are usually sent bogus emails, but can also receive phone calls or texts.

Baiting

Baiting is when an attacker “baits” their victim using something highly desirable to lure them in, like a free movie download or a device such as a USB flash drive or a cellphone. Once the victim downloads or connects to the bait, they will be promptly infected with malware.

Quid pro quo

A quid pro quo attack occurs when a hacker promises a benefit in exchange for information. This type of scenario is commonly known as a “something for something” attack. For example, a hacker could pose as a company’s IT support specialist and offer a software upgrade, asking victims to temporarily turn off their antivirus software so that malware can be installed.

Email hacking and contact spamming

Email hacking and contact spamming are when an attacker sends messages via email with malicious intent. In order to gain access, attackers use a familiar email so victims will comply with their request. Once the attacker gains access to a victim’s email account, they’ll spam their entire address book with the ultimate goal of receiving sensitive information.

Piggybacking

Piggybacking is the attempt to gain unauthorized access to restricted areas through employees who don’t check references and automatically trust those around them.

For instance, you’re in the office and someone asks if you can hold the door open because they’ve forgotten their access key or RFID card. Are you sure they are an employee? Or are they trying to gain access into a restricted area or system?

A prime example of piggybacking is one Chris Nickerson, founder of security consultancy company Lares, recently shared with CSO. In his example, Nickerson discussed how he and his team piggybacked into an organization through a combination of:

  • Knowledge of current events
  • Researched public information
  • A ‘Cisco’ shirt purchased at a thrift store

Nickerson said the shirt helped him convince employees at his targeted organization that he was a Cisco employee on a technical support visit, and he was able to obtain illegal entry. Once inside, he was able to drop USB drives with viruses throughout the organization and hack the company’s network.

How to Protect Yourself From Social Engineering Attacks

  1. Ensure your devices and routers have firewalls turned on and block incoming ICMP requests
  2. Instill a company-wide security policy
  3. Perform ongoing or regular training for your staff, like preparing employees through role-playing or learning about hacker tactics
  4. Install reputable antivirus software on your computer
  5. Back up your system on a regular basis to prevent data loss and promote business continuity

Most importantly, stop reusing your passwords. Never forget that passwords are your first line of defense. And, for help creating a strong defense, try EZPD for free.
