What is Social Engineering?

Social engineering is a method of manipulation of a target for the purposes of getting the target to act in a certain way. It can be something small and simple or as big as transferring $50K to some newly modified account details that the malicious actor convinced you to change for them.

There are some great examples of this and is truly a method that can be used to bypass all amounts of security. It really does not matter how many expensive new security boxes you have put in with those hypnotic multicolour-flashing lights.

By Cyber Security TEam

This is a human-specific attack that tries to use the good nature of us humans and get us to do as they will, most people just want to be helpful and if you give them no reason to raise alarm bells that this is suspicious they won’t give you any arguments. They will happily reset your password if they believe you are that user or help you get remote access from your home pc, especially technical staff as that is their jobs.

One example of this technique was used by a hacker Jessica Clark when she was asked to attempt to break into a reporter’s/researcher’s accounts just to see if she could as part of their story. After just three minutes of the experiment, it was something that he regretted as she had full access to all of his accounts. Check it out here.

Another example of an impressive social engineering attack is during a CNN report which was involving a team of professional social engineers where they got an organisation’s IT department to open up a malicious file (infecting the IT persons machine) and allowing them access to their systems. Check it out here. This was even faster than the first example and all they used was a spoofed phone number to make it look like an internal number (easy to set up) and the attacker’s social skills.

Throwing money with new security toys doesn’t solve this problem, you need to put in procedures that force all of us to do checks and not just do what the person on email or phone wants us to do. Put in tested procedures to ensure that bank account details cannot be changed without a two-person confirmation or something. Use multifactor authentication to help reduce users giving access to a social engineering attacker with still needed that secondary app or phone to authenticate the access.

Do some training with your staff, help to teach them what signs to look out for and teach them the new procedure so they know exactly what is required. If you just implement a new procedure but don’t train anyone on them, they won’t be followed. Social engineering is hard to protect against but with some real effort, you can really make a big difference in your organisation’s protections against this form of attack.

If you need help with training or helping to generate solid security procedures reach out to our security team via cybersecurity@davichi.com.au and we will be more than happy to help.

Need help?

If you need help with training or helping to generate solid security procedures reach out to our security team via cybersecurity@davichi.com.au and we will be more than happy to help.

Need more information?

For more information, Click Contact Us, or call us on +61 7 3124 6059 and speak to a Davichi Representative Today!

Lets Talk

Please fill in this form, and our sales team will get back to you as soon as possible.