Security Awareness Training
Social Engineering
A social engineering attack can be defined as a psychological attack that exploits human behaviour or our cognitive biases to persuade people to reveal confidential information, share login credentials, grant access to a personal device, or otherwise jeopardise their online security. Social engineering remains one of the most frequent types of cyberattack.

The best way for an organisation to defend against such attacks is to educate the staff, act responsibly, and make the staff aware of such security scenarios and the risk involved.

PKF Algosmic has meticulously created a number of attack scenarios that closely resemble real social engineering attacks in order to evaluate employees' awareness. These scenarios include computer-based attacks that employ various techniques to persuade a user to download or click on a malicious file, or to provide personal or sensitive information that could put the organisation's security at risk.
Types of Social Engineering Attacks
With cyber criminals devising ever more innovative and manipulative methods to trick people and employees, organisations must stay a step ahead. Below are some of the most common types of social engineering attack:

- Phishing - Phishing is a cyberattack technique that uses email, phone, SMS, social media or other forms of personal communication to entice users to click on a malicious link, download infected files, install ransomware or reveal personal information such as passwords or account numbers. Phishing is one of the most common types of cyberattack and it continues to grow in prevalence year over year. The COVID-19 pandemic saw a dramatic increase in the number of phishing attacks performed.

- Whaling - A whaling attack is a method used by cybercriminals to masquerade as a senior figure at an organisation and directly target senior or other important individuals there, with the aim of stealing money or sensitive information or gaining access to their computer systems. The difference between phishing and whaling is the level of personalisation: while phishing attacks are not personalised and can be replicated for millions of users, whaling attacks target one person, typically a high-level executive.

- Business Email Compromise (BEC) - Business Email Compromise (BEC) is a social engineering technique where the attacker mimics a trustworthy executive who is authorised to deal with financial matters within the organisation. BEC is a type of scam targeting companies that conduct wire transfers and have suppliers abroad.
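The impersonation pattern described under Whaling and BEC above, expressed as simple mail-gateway detection logic. This is an added example, not part of PKF Algosmic's material; the trusted domain, the executive list and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed, hypothetical values: the organisation's own domain and the
# executives whose names a BEC message is most likely to borrow.
TRUSTED_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

def normalize(name):
    """Lower-case a display name and strip punctuation so 'Jane  Doe.' matches 'jane doe'."""
    return re.sub(r"\s+", " ", re.sub(r"[^a-z ]", "", name.lower())).strip()

def within_one_edit(a, b):
    """True when a and b differ by exactly one substitution, insertion or deletion."""
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    if abs(len(a) - len(b)) != 1:
        return False
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    i = j = 0
    while i < len(longer) and j < len(shorter) and longer[i] == shorter[j]:
        i += 1
        j += 1
    # Skip the one extra character in the longer string; the tails must then match.
    return longer[i + 1:] == shorter[j:]

def check_message(raw):
    """Return the BEC warning signs found in one raw RFC 822 message (empty list if none)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    flags = []
    expected = EXECUTIVES.get(normalize(display))
    if expected and addr != expected:
        flags.append("executive display name with unexpected address")
    if domain != TRUSTED_DOMAIN and within_one_edit(domain, TRUSTED_DOMAIN):
        flags.append("lookalike domain")
    if reply_addr and reply_addr.lower() != addr:
        flags.append("reply-to differs from sender")
    return flags

# Constructed sample messages (not real mail).
SAMPLE_BEC = "From: Jane Doe <ceo.office@examp1e.com>\nTo: payments@example.com\nSubject: Urgent wire transfer\n\nPlease process the attached invoice today.\n"
SAMPLE_OK = "From: Jane Doe <jane.doe@example.com>\nTo: payments@example.com\nSubject: Quarterly report\n\nAttached as discussed.\n"

if __name__ == "__main__":
    for label, raw in (("BEC", SAMPLE_BEC), ("OK", SAMPLE_OK)):
        print(label, check_message(raw))
```

A real gateway would combine these signals with SPF/DKIM/DMARC results rather than rely on header text alone.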
How to Prevent Social Engineering Attacks
Here are some tips to keep in mind whenever you receive any kind of communication from an ambiguous, unfamiliar, or suspicious source:

- Make sure the source is reliable. Verify that incoming emails and calls come from a trustworthy source.
- Never click links or open attachments in emails from sources you don't recognise.
- Enable multifactor authentication to reduce the impact of account compromise.
- Do not insert unknown USB devices or other devices into your computer.
- Maintaining regular system updates will reduce your system's exposure to known vulnerabilities.
- Use anti-virus software to detect and block threats.