Would you fall for any of these four schemes?

Phishing

Did you know that phishing is the most common type of social engineering? It is a component of over 90% of all APT (Advanced Persistent Threat) attacks. Attackers will pose as a legitimate company (PayPal, Google, etc.), sending you a fake email that looks realistic. They want you to click a link in the email or download an attachment that will infect your computer with malicious code. Think before you click! When in doubt, delete! 

Tailgating

Tailgating is another simple, yet effective social engineering technique in the Physical Domain. There is no password cracking or complicated hacking. The attacker just piggybacks behind someone. Never let anyone enter a secure building on your access pass or badge. The same goes for network access – EVERYONE must use their own user IDs and passwords to login.

Shoulder Surfing

All it takes is someone standing reasonably close to you. Their goal might be to glance quickly as you enter your PIN into an ATM or your password as you enter any online site on your mobile device. The shoulder surfer will act as innocently and innocuously as possible. You may not even be aware that they are there,  but they are watching closely. Their eyes are locked on your hands and/or keyboard.

Pretexting

This type of social engineering attack occurs over the telephone using the same premise as phishing. They pretend to be your bank, a doctor, or someone you would trust with PII (Personally Identifiable Information). They make some false claims, asking you to confirm your PII, when in actuality they are collecting pieces of your identity to steal and/or sell. When used against companies, pretexting has led to many serious corporate data breaches! Never, ever give out personal or corporate confidential information over the phone to someone whose identity you can’t confirm.

The Security Awareness Company

With over 25 years of industry experience, we serve both small & large organizations to create successful security awareness and compliance programs on an international scale. Our team is a strong, creative powerhouse with a passionate vision and we consistently produce on-trend end-user training materials of the highest caliber.

Latest posts by The Security Awareness Company (see all)