Get to Know These Social Engineering Red Flags
Ever get an email that just seemed off? An invitation to click on a link from a stranger, or a weird request from a usually trustworthy source?
Chances are these were examples of social engineering, cybercriminals’ attempts to manipulate, influence or deceive you into taking some action that isn’t in your own best interest or in the best interest of our organization.
Good cybersecurity practices and knowing social engineering when you see it go hand in hand. So this Cybersecurity Awareness Month, we’re sharing this training course covering the ins and outs of social engineering. You’ll learn:
- The different types of social engineering attacks cybercriminals use
- Key signs of social engineering
- What actions to take to avoid making yourself or our organization the latest victim of a cyber attack
Cybersecurity Tip #1: Shake up your password protocol
We encourage you to use the longest password or passphrase permissible. The longer the password, the longer it will take to crack. Each additional character multiplies the number of combinations a password cracker has to try, so it is exponentially less likely to guess the right one. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts. Read the Creating a Password Tip Card for more information.
Cybersecurity Tip #2: If you connect, you must protect
Malware security protection provides that second vital layer of protection for your computer or network. ... Good antivirus protection can also recognize — and warn against — even previously unknown malware threats, based on technical features (such as attempting to "hide" on a computer) that are characteristic of malware. Key malware statistics from DataProt:
- 560,000 new pieces of malware are detected every day.
- There are now more than 1 billion malware programs out there.
- Every minute, four companies fall victim to ransomware attacks.
- Trojans account for 58% of all computer malware. A Trojan comes attached to what looks like a legitimate program. In reality, it is a fake version of the app, loaded up with malware.
Whether it’s your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with anti-virus software. Read the Malware Tip Card for more information.
Cybersecurity Tip #3: Play hard to get with strangers
Cyber criminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks ‘phishy,’ do not respond and do not click on any links or attachments found in that email. Key phishing statistics from Expert Insights:
- Almost 20% of all employees are likely to click on phishing email links
- Of those, a staggering 67.5% go on to enter their credentials on a phishing website
- Microsoft is the most impersonated brand globally when it comes to brand phishing attempts
When available, use the “report phish” or “report” option to help our organization block other suspicious emails before they arrive in your inbox. Read the Phishing Tip Card for more information.
Cybersecurity Tip #4: Double your login protection
Now more than ever, organizations need to take all necessary precautions to secure their systems and data. According to TeleSign, 54% of consumers use five or fewer passwords for all their accounts, which gives hackers the ability to take down multiple accounts just by cracking one password. Passwords alone are not enough.
Multifactor authentication (MFA) can help stop cyber-attacks in their tracks. Enable MFA for all accounts and devices to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. Read the Multi-Factor Authentication (MFA) How-to-Guide for more information.
Cybersecurity Tip #5: Never click and tell
Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are – and where you aren’t – at any given time. Read the Social Media Cybersecurity Tip Sheet for more information.
Cybersecurity Tip #6: Keep tabs on your apps
Most connected appliances, toys and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk.
Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources. Read the Mobile Security Tip Card for more information.
Cybersecurity Tip #7: Stay protected while connected
Before you connect to any public wireless hotspot – like at an airport, hotel, or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate.
If you do use an unsecured public access point, practice good internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when online shopping or banking. Read the Best Practices for Using Public Wi-Fi Tip Card for more information.