Social engineering is the use of psychological manipulation to gain and abuse the trust of humans.
Social engineers have long taken advantage of human emotions. It’s how they’re able to convince people to divulge sensitive information or provide access to controlled areas of buildings and offices. The tactics that scammers use have been around forever, particularly pretexting.
A pretext is a made-up scenario designed to trick people into trusting the scammer. Most, if not all, social engineers use some form of pretexting, such as promises of large sums of cash or threats claiming that your bank account needs to be updated due to fraudulent activity.
In some cases, scammers will log weeks or months of research towards developing sophisticated attacks that use pretexting to target specific organizations. How does it work? Let’s see it in action and gain a stronger understanding of the psychology of a scam.
Pretexting in Action
Sam handled this situation poorly. And before you think this generic type of attack would never work on you or other members of your organization, listen to Jayson Street’s story of when he was hired to hack a large bank in Beirut. It was filmed by National Geographic as a part of their series called Breakthrough: Cyber Terror. Street walked into the bank (wearing a hidden camera) and physically accessed the tellers’ computers by pretending to be a member of the IT team. A fake badge, a suit, and a good pretext; that’s all it takes to compromise an organization.
Don’t let the Sams of the world get tricked by the Donnas of the world. Take action and build a culture of security-aware, scam-resistant human firewalls.
How to Protect Your Organization from Pretexting
Train Your Employees to Spot Social Engineering
Nothing trumps education when it comes to preventing successful social engineering attacks. If your employees know to remain skeptical at all times and to never blindly trust someone, regardless of how legit that someone may appear to be, your organization’s risk profile dramatically improves.
Don’t Underestimate Yourself
Regardless of the position you hold within your organization, never assume you won’t be a target. Granted, the higher level of access you have, the more attractive you are to scammers. But everyone, from the CEO to the front desk, is fair game, and everyone shares the responsibility of thwarting would-be threats.
Utilize Penetration Testing
Street’s bank hack demonstrates how important it is to identify the vulnerabilities and strengths of your organization, which is exactly what penetration testing provides. By hiring a third party to break into your networks and buildings, and by phishing your employees, you can measure your risk surface and establish a plan to convert your weaknesses into strengths. A big part of security is finding the holes before the bad guys do!
Latest posts by Justin Bonnema (see all)
- Pretexting and the Psychology of a Scam - July 12, 2018