Saturday, March 7, 2015

6 Social Engineering Scams and How to Avoid Them

Social engineering threats are everywhere. Even the most tech-savvy and skilled IT professionals are affected by them. There is no guarantee that these problems can be permanently avoided, but you can follow some methods to protect yourself against them.

1. Misplaced Flash Drive: 

You may have come across a flash drive that appears to have been accidentally dropped in your company’s parking lot or staircase. Curious employees pick up these flash drives and connect them to a company computer. Most of these flash drives are loaded with malicious apps to hack into your computer. This tactic has a high success rate. Microsoft has provided a security feature in Windows that disables all automatic app launches from portable flash drives. Companies can also disable USB ports on office machines to avoid getting office data leaked.
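
A read-only PowerShell check of the two mitigations mentioned above, added here as an example and not part of the original article. It assumes that "disabling USB ports" is implemented by blocking USB mass storage (the USBSTOR driver or the removable-storage deny policy), and it changes nothing on the machine.

```powershell
# Added example: read-only audit of the flash-drive mitigations from item 1.
# Assumption: "disable USB ports" means blocking USB mass storage, not every USB device.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $value = $item.$Name
    if ($value -is [byte[]]) { $value = $value[0] }   # value stored as REG_BINARY
    return $value
}

$results = @()

# AutoRun: NoDriveTypeAutoRun is a bitmask of drive types with AutoRun turned off.
# Bit 0x04 covers removable drives; 0xFF covers every drive type.
$explorer = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $v = Get-RegValue -Path "$hive\$explorer" -Name 'NoDriveTypeAutoRun'
    if ($null -eq $v)                 { $status = 'Not configured in this hive' }
    elseif (($v -band 0xFF) -eq 0xFF) { $status = 'AutoRun off for all drive types' }
    elseif ($v -band 0x04)            { $status = 'AutoRun off for removable drives' }
    else                              { $status = 'AutoRun still allowed on removable drives' }
    $results += [pscustomobject]@{ Check = "$hive NoDriveTypeAutoRun"; Value = $v; Status = $status }
}

# USB mass-storage driver: Start = 4 means the driver is disabled and will not load.
$start = Get-RegValue -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name 'Start'
if ($null -eq $start)  { $status = 'USBSTOR key not found' }
elseif ($start -eq 4)  { $status = 'USB mass-storage driver disabled' }
else                   { $status = 'USB mass-storage driver can load' }
$results += [pscustomobject]@{ Check = 'USBSTOR Start'; Value = $start; Status = $status }

# Group Policy "All Removable Storage classes: Deny all access" sets Deny_All = 1.
$deny = Get-RegValue -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' -Name 'Deny_All'
if ($deny -eq 1) { $status = 'All removable storage access denied by policy' }
else             { $status = 'No blanket deny policy for removable storage' }
$results += [pscustomobject]@{ Check = 'RemovableStorageDevices Deny_All'; Value = $deny; Status = $status }

$results | Format-Table -AutoSize
```

A value under HKLM applies to every user of the machine, so that row is the one to check first on shared office computers.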

2. Legitimate Looking Phishing Mails: 

Even though the majority of phishing mails are poorly formatted and written in broken English, some smart hackers purposely create legitimate-looking phishing mails. If you receive a believable offer from a credit card or insurance company, or even from the human resources department, verify that it is coming from a genuine source. You can learn to recognize the typical persuasion designed to make you click on a link or submit your personal information.

3. Emails From Friends and Colleagues: 

This is similar to phishing mails. These are spear phishing, or directed, emails that are targeted at a specific user or group of users. Hackers can easily get your friends’ and colleagues’ email addresses from their social media accounts. In most cases, hackers use the trick of adding a malicious attachment. So if you ever receive an email with an attachment that you were not expecting, verify the source before opening it.

4. Phone Calls

Hackers these days use many intelligent tricks to hack into users’ online accounts. They also use phone calls either to collect more personal information about you or to validate what they already know. The best way to defend against this trick is to note down the number and offer to call back, or to test the caller by asking for information that they should already know about you. Never disclose sensitive information such as passwords over a phone call.

5. Email Account

Email accounts have been an attractive target for hackers for a long time. Hackers can initiate a password reset email, and if you click on the link, you may give them access to your email account. In some cases, hackers guess the answer to the reset question based on your public profile information. Even though there isn't much you can do about social engineering attempts made on email providers, you can secure your domain by placing a lock on ownership transfers and DNS information changes.

6. Office Security

Statistics show that most hacking attempts happen at the office. The risk of physical access cannot be overstated in most cases. If you operate a small business where everyone knows everyone, you can use security tags with photo identification. Employees also need to be trained to watch out for fake badges.




This article was originally published by efytimes.
