7 Social Engineering Red Flags to Watch For.
Here at Fusion, we are always looking for ways to help Users protect their network assets, company data and confidential information. In fact, as an ISO 27001 accredited organisation, we offer key security solutions from Sophos, Microsoft and Proofpoint to protect our clients and give them peace of mind.
However, no solution is ever 100% foolproof and, in addition to the solutions we deploy, we like to share tips and tricks that can help Users protect themselves from the latest tactics used by cyber criminals.
One such tactic is social engineering.
What’s that I hear you ask?
In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It can take the form of a confidence trick carried out for the purpose of information gathering, fraud or system access. It differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme.
The most common attack vectors using social engineering are malicious emails and fake websites that solicit personal information by posing as legitimate channels from a real organisation. Some of these malicious emails and fake websites are poorly constructed and executed and stand out like a sore thumb. Others can look genuine and use convincing language to manipulate human feelings, such as curiosity or fear, to carry out schemes and draw victims into their traps.
So, what are the top 7 Social Engineering Red Flags?
Well, if we focus on email, it is useful to go through the following process in your head to identify the ‘good’ from the ‘bad’.
1. Who is the Email from?
- You don’t recognise the sender or domain.
- The email was sent from a familiar contact but contains unusual content.
2. Who is the Email Addressed to?
- You were cc’d on an email but don’t recognise the other recipients.
- The email was sent to an unusual mix of people in your organisation.
3. Does the Email Contain Hyperlinks?
- Hover over links before you click on them, to confirm the domain.
- Avoid clicking on misspelled and unusually long hyperlinks.
4. What Was the Email Subject?
- The subject line is irrelevant or doesn’t match the message content.
- The email is asking for a response to something you never sent or requested.
5. What Was the Content of the Email?
- The email contains compromising, threatening or exploitative content.
- There are multiple spelling and grammar errors, or illogical sentences.
6. What Time Was the Email Sent?
- You received a routine email – but far outside normal business hours.
7. Did the Email Have Any Attachments?
- There is an unexpected or suspicious attachment in the email.
- The email contains a potentially dangerous file type.
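Checks 1, 2, 3, 6 and 7 of the list above can be applied mechanically to a raw email, which is what the following added example does (it is not code from the original post; items 4 and 5 need human judgement and are left out). The sample message, the trusted domain example.test, the 08:00 to 18:00 working hours and the list of risky file types are all assumptions chosen for the demonstration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample (not from the post): look-alike sender, outsider on cc, link text/target mismatch, Sunday 02:14, .exe attached.
SAMPLE_EML = """\
From: "Accounts" <billing@examp1e.test>
Cc: bob@example.test, auditor@other.test
Date: Sun, 05 Mar 2023 02:14:00 +0000
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Please review: <a href="http://login.examp1e.test/x">https://portal.example.test</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.exe"

--b1--
"""

TRUSTED_DOMAINS = {"example.test"}  # assumption: the organisation's own domain(s)
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".bat", ".hta", ".iso")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# host part of a URL or bare host name, lower-cased ('' if none)
dom = lambda s: re.match(r"(?i)(?:https?://)?([^/\s<>:]*)", s.strip()).group(1).lower()

def red_flags(raw, trusted=TRUSTED_DOMAINS, hours=(8, 18)):
    """Return the checklist items (1, 2, 3, 6, 7) that the message triggers."""
    msg, flags = message_from_string(raw), []
    ok = lambda d: any(d == t or d.endswith("." + t) for t in trusted)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not ok(sender):                                        # 1. who is it from?
        flags.append("1: unfamiliar sender domain " + sender)
    for _, addr in getaddresses(msg.get_all("Cc", [])):       # 2. who else got it?
        if not ok(addr.rpartition("@")[2].lower()):
            flags.append("2: unrecognised cc recipient " + addr)
    for part in msg.walk():
        if (name := part.get_filename()) and name.lower().endswith(RISKY_EXTENSIONS):
            flags.append("7: dangerous attachment " + name)    # 7. attachments
        elif part.get_content_type() == "text/html":          # 3. hyperlinks
            html = part.get_payload(decode=True).decode(errors="replace")
            for href, text in LINK_RE.findall(html):
                target, shown = dom(href), dom(re.sub(r"<[^>]+>", "", text))
                if not ok(target) or ("." in shown and shown != target):  # text names another host
                    flags.append(f"3: link text {text!r} goes to {target}")
    sent = parsedate_to_datetime(msg["Date"])                 # 6. time, in the sender's zone
    if sent.weekday() > 4 or not hours[0] <= sent.hour < hours[1]:
        flags.append("6: sent outside business hours " + sent.isoformat())
    return flags
```

Run `red_flags(SAMPLE_EML)` to see all five checks fire on the sample; a clean internal message returns an empty list.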
Whilst these ‘flags’ are not a guarantee you will avoid being victimised, they will certainly reduce the odds of a successful social engineering attack against you. Plus, if you have taken steps to put network security measures in place, you are less likely to be a target.
That’s where Fusion IT Management comes in. In addition to the advice above, we can offer a range of solutions to help you protect your company, employees and data.
Interested? Please call us on 0333 241 4123 or email [email protected] for professional, impartial advice.