What's Social Engineering? The Bad Guys Are Phishing for YOUR Information

At Comtel Communications and Simplicity VoIP, we are committed to encouraging personal accountability, securing and maintaining digital privacy in the cybersecurity landscape.

Whether we like it or not, we all have a digital footprint. Information about both our professional and personal lives are exposed. We are all at risk for falling victim to Social Engineering attacks.

According to the 2018 Data Breach Investigations Report, phishing and pretexting represent 98% of social incidents, and 93% of breaches. Coming in at 96%, email continues to be the most common vector.

While Social Engineers’ tactics may seem difficult to spot on the surface, here are some common ways to spot and thwart their attempts to steal our private information, such as:

  • They request or appeal for sensitive, personal information, such as SSN, user IDs, passwords, or banking information.
  • They send correspondence that comes with a sense of urgency – you may be missing out on a deal, service or network shutoff, or even loss of funds.
  • They open with communication from a perceived authority, perhaps your bank or utility company.

Social engineers exploit our willingness to provide information and are good at creating a trust relationship. Being able to recognize social engineering attempts is key:  These common terms and methods can help you recognize an attack.

Phishing – (The mother lode of social engineering) Using email to trick you into providing sensitive information, to include a reply to the original malicious email, clicking on bogus links or opening attachments, and entering data.

Spear Phishing -These are phishing attempts aimed at specific targets, such as research engineers.

Pretexting—Typically utilized in email, this is a technique where a fake situation is created using publicly available details on the target where the information is used for manipulation or impersonation.

Scareware – As the name implies, a frightful pop-up attempting you to type in confidential, personal, and private information in order to rectify an infected computer issue.

Vishing – Utilizing the telephone in attempt to trick you into providing valuable, most likely confidential, information.

Baiting – An attempt to hook you in by offering goods, such as a free device or gift card.

Phishing remains the number one social engineering strategy, the buried treasure for the bad guys. Countless phishing email messages are sent to unsuspecting targets every day. While many of these messages are so bizarre that they’re obviously fraudulent, others might be more convincing.

So how do we guard against these phishing attacks?  Unfortunately, there is no one key tactic or process, but a host of things you can look for.

  • Look out for mismatched URLs – hover your mouse over the URL and compare the address.
  • Poor grammar and spelling could be an indicator that it is a phish.
  • A request for personal information, or worse, asking for money, especially with urgency, can be a phish.
  • An offer that appears too good to be true probably is.
  • Unrealistic or unlikely threats could be a phish.
  • Content just doesn’t look right - trust your gut.

To read more on Cyber Security Awareness tactics. https://blog.simplicityvoip.net/october-is-national-cyber-security-awareness-month

We are here to help!  There is no such thing as a cyber world devoid of risk. But information is power and understanding the threats you face today can only help you improve your security for the incidents you will face tomorrow.

To best review your cybersecurity needs, confer with an agnostic technology agent or consultant to gain a deeper overview of the wide range of solutions and how each one fits in with what you’re trying to accomplish. In addition to assisting you with procurement, they can also handle ongoing care.

To learn more about Simplicity VoIP https://www.simplicityvoip.net/about-simplicity

Simplicity VoIP, based in Richmond, VA, provides hosted PBX, VoIP and business telephone solutions nationally to small, medium, and enterprise-level businesses for a comprehensive unified communications experience. It’s Class 5 geo-redundant VoIP platform is offered in addition to fax-to-email, phones and equipment, and managed services. Named as Richmond’s 11th fastest growing company by Richmond BizSense in 2018, Simplicity VoIP’s key to success is its on-site service, installation and training supported 24/7/365 by a world-class client services team.