31. 8. 2021
How to protect yourself from phishing and social engineering
Read this article to learn about the main kinds of phishing and social engineering scams and the best ways of staying safe from them.
These days, cyber criminals are increasingly inventive, finding more and more ways to get between you and your data. And while remote work has brought huge benefits, it has also increased the opportunities for them to do just this. To prevent data breaches, you need a strong security posture, capable of responding to constantly evolving threats.
In this article, we’re going to break down the most common forms of social engineering cyberattacks. At the same time, you'll get some tips for making sure that you, your sensitive information, and your business stay safe.
In this article:
A definition of social engineering
First off, we should probably explain social engineering. At its simplest, social engineering exploits a person’s thoughts or feelings to gain access to valuable information. This includes things like login details, social security numbers, or credit card information.
One classic example is the Trojan Horse. With this, the phisher sends an email with an attachment of some kind. Once opened, the attachment runs malware targeting the system.
But the thing is, you only ever open the attachment because the phisher uses psychological manipulation. They always pretend to be someone else – a reputable company, a person in need.
We know about these techniques. And remote access technology is growing more and more secure. Despite these two facts, though, there’s always someone willing to help a stranger, enter an unfamiliar contest, or use a weak password.
Here, we’ll discuss the common strategies criminals are using right now. As well as some tips for preventing you from opening the door to Trojans and all other kinds of cyberattacks.
Phishing, spear phishing, and whaling
Everyone with an online presence faces dozens of phishing attempts daily. Phishing emails or messages appear to come from legitimate sources, like your bank, and succeed through volume. Because even if only one in 10,000 people fall for it, sending a million emails means 100 victims.
A common phishing attempt might urge you to click a link to 'verify your account details’. This then leads to malware installation or directs you to a legitimate-looking web page to steal your information.
Another tactic, spear phishing, is more targeted, referencing personal details from public records or data leaks to appear legitimate.
Whaling targets high-ranking officials like government officials or CEOs with significant access to sensitive data. One infamous example comes from the social media company Snapchat. After getting an email from its supposed-CEO, someone in HR handed over staff payroll data to a phisher.
How to protect yourself from phishing
Phishing awareness training can be a gamechanger in defending yourself. Instruct employees not to click on links or download files from suspicious emails or SMS messages.
Be cautious about sharing personal details on social networks that hackers might use in spear phishing scams. Remember, reputable service providers like TeamViewer never ask for passwords or personal information via email.
Read this article about unsafe links and keeping safe from phishing to learn more.
Another strategy is simply to make it more difficult for any would-be attackers. Using different passwords for each site and managing them with a trusted password manager can go a long way. Enable TeamViewer’s two-factor authentication for both connections and accounts.
Pretexting
Pretexting involves a hacker pretending to be someone with legitimate access, like a vendor or tech support. They often do this over the phone to catch the target off guard.
More than likely, they will create a sense of urgency. They might ask if the company uses a remote access tool and whether they can log in.
How to protect yourself from pretexting
Deny pretexting attacks by establishing protocols for when and how outside vendors or tech support will contact employees. Some organizations use a code word for verification.
Another thing to do is notify employees when an outside vendor is doing work to prevent unexpected calls. Activate TeamViewer's Easy Access, which gets rid of the need for passwords and relies on TeamViewer for account validation.
Baiting
Baiting involves leaving a physical device, like a USB drive loaded with malicious code, in places where workers will find it. Often, the attacker will go to great lengths to get someone to use the bait on their computer. Printing the company’s logo onto the device, for example, or labeling it with something to make people curious.
Despite the rise of cloud computing, baiting is still effective. In 2016, the University of Illinois conducted a study where researchers left USB drives all around the campus. People picked up 98 percent of the drives, and nearly half of the drives were plugged into computers.
How to protect yourself from baiting
Educate employees not to plug unknown devices into computers. One approach is to implement policies against using USB drives for file transfers. You can also use administrator tools or endpoint protection software to disable USB ports and CD drives. Use TeamViewer’s file transfer function to move files between devices securely.
Summary
In the real world, social engineering attacks are targeting all organizations, regardless of size or industry. These attacks exploit human nature — curiosity, excitement, and helpfulness. To avoid falling victim, always err on the side of caution.
Staying vigilant and implementing robust security practices is the best way of keeping safe. Along with phishing training, you can protect yourself and your organization from the ever-evolving tactics of cyber criminals.
Have you experienced social engineering threats?
Find and share solutions in our Support Forum and Knowledge Base.