Today, companies have many concerns about traditional hacker attacks, that is, attacks in which the hacker tries to directly compromise the availability of a system by exploiting a flaw in some piece of software and disrupting the operation of a service. All of those precautions are completely legitimate and necessary. However, there is another topic that many companies fail to give the importance it deserves, even though it is frequently used by cybercriminals.

That topic is Social Engineering attacks.

It is the subject of this article.

SOCIAL ENGINEERING

You have probably already heard of it. But what is Social Engineering?

Social Engineering is a strategy used by cybercriminals to deceive users. Through online attacks, users are induced to take improper actions, such as making payments for an “alleged ransom of information” or simply clicking on links that infect their computers with malware.

There are several Social Engineering attack tactics.

Below we list some types of Social Engineering attacks and the recommended actions for each.

TYPES OF ATTACKS

Phishing

A Phishing attack is an attempt to capture users’ personal data in order to obtain illicit benefits. The criminal can use any communication medium to lure the user into a trap.

This is one of the most common types of attack today.

A common example is an email informing the user that they are behind on certain payments and must settle them quickly. The email then asks the user to send personal information.

In this type of situation, the recommendation is to never send sensitive data. If you doubt the authenticity of the content, contact the company directly through its official service channels to clear up the doubt.

Sextortion

A sextortion attack relies on intimidation: the perpetrator frightens the victim into paying a certain amount so that certain intimate content is not disclosed publicly.

One example of this kind of attack is when a user receives an email referring to possible intimate content, and the criminal threatens the person with a “possible leak” of information.

To illustrate, here is an example of a text written by a “supposed criminal” attempting this attack:

“Do you find it strange to receive an email coming from your own email address? It is not strange. What happened is that yesterday, without noticing, you ended up clicking a malicious link and now I have total access to your email, as well as all the content on your computer. I have total access to your pictures and personal videos. If you do not want all of your information leaked, follow the procedure below to pay the ransom; otherwise I will expose all of your photos and videos publicly, as well as your confidential files. I believe that you don’t want this, am I correct?”

Notice that in the example text above, the “supposed criminal” tries to make the user afraid.

How should you react, then?

The answer is:

Calm down, don’t be afraid!

In a large share of Social Engineering attacks, the criminal will try to convince you that he or she holds highly confidential data about you and can actually do something to harm you.

Most of the time this is a “bluff”, and the criminal has done nothing more than tell a story to try to induce the victim to make a payment or do something that might compromise your Company’s network or the data on your computer.

Keep calm and report the situation to your IT team. Very likely, other users have also received emails with fake content.
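
For the IT team receiving such reports, a triage check for the message pattern quoted above (an email that appears to come from the recipient's own address and demands payment) can look like the following. This is an added example, not part of the original article; the function name, addresses and sample messages are constructed, and it assumes the receiving mail server records its sender checks in an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Wording taken from the sample message quoted above (heuristic, not exhaustive).
EXTORTION_TERMS = re.compile(r"\b(ransom|payment|leaked?|expose|videos?)\b", re.I)
AUTH_FAIL = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", re.I)

def triage(raw_message: str) -> dict:
    """Return the signals found in one RFC 5322 message and a verdict."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    # Signal 1: the message claims to come from the recipient's own address.
    self_addressed = bool(sender) and sender in recipients
    # Signal 2: the receiving server could not authenticate that sender.
    auth_results = " ".join(msg.get_all("Authentication-Results", []))
    auth_failed = bool(AUTH_FAIL.search(auth_results))
    # Signal 3: threat-and-payment wording in the body (single-part mail only).
    body = msg.get_payload() if not msg.is_multipart() else ""
    terms = sorted({m.lower() for m in EXTORTION_TERMS.findall(body)})
    suspicious = self_addressed and (auth_failed or len(terms) >= 2)
    return {"self_addressed": self_addressed, "auth_failed": auth_failed,
            "terms": terms, "suspicious": suspicious}

# Constructed sample: forged "from yourself" message with a payment threat.
SPOOFED = (
    "From: ana@example.com\n"
    "To: ana@example.com\n"
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com;"
    " dmarc=fail header.from=example.com\n"
    "Subject: Your account\n"
    "\n"
    "I have total access to your pictures and videos. "
    "Follow the procedure for the payment of the ransom.\n"
)

# Constructed sample: a genuine note-to-self that passed authentication.
NOTE_TO_SELF = (
    "From: ana@example.com\n"
    "To: ana@example.com\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Reminder\n"
    "\n"
    "Send the payment report on Monday.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("note-to-self", NOTE_TO_SELF)):
        print(name, triage(raw))
```

A failed sender check on a self-addressed message supports the article's point that the claim of "total access" is usually a bluff: the message was forged from outside rather than sent from the victim's mailbox.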

Quid Pro Quo 

This kind of attack deceives the user by making the victim believe that he or she could gain a certain bonus.

Normally, the criminal gets in touch with the user offering “possible sweepstakes” for various kinds of products. In exchange, the user needs to send some confidential data or click on virus-infected links.

In this case, the recommendation is simply to ignore such “sweepstakes” and not click on any unknown link.

Pretexting 

In this type of attack, the criminal poses as somebody the user knows in order to capture confidential information in a seemingly legitimate way. The criminal tries to get closer to the user in order to build credibility with the victim. Once the hacker has gained this trust, the criminal can send infected links until the user ends up infecting his or her own computer.

In situations like these, always be suspicious and never forward confidential information.

If in doubt, contact your Company’s IT Department and report what happened. Don’t be afraid to “lose your reliability” or “diminish your networking”.

Well-intentioned people will not get in contact asking for confidential information, especially information that can compromise you or your Company.

FINAL CONSIDERATIONS

Those were just some kinds of Social Engineering attacks; there are several others.

The best way to combat Social Engineering attacks is information, which, in conjunction with network monitoring solutions, email filters and firewalls, strengthens the actions taken to mitigate this threat.

For this reason, share useful information with the users in your Company and raise awareness of the possible types of attack. Maintain visibility of your network and use control tools to reduce vulnerabilities.

This will undoubtedly give users greater peace of mind when dealing with a possible Social Engineering attack, and reduce the chance that such an attack succeeds.

There is therefore no doubt about the importance of investing in network management, which not only benefits network visibility but is also a complementary way to prevent problems that might cause network services to go down.

With that in mind, Telcomanager, present in the market since 2002 and a leading Latin American brand in network management software, with a unique and innovative technology, deploys smart solutions for monitoring data that provide a stratified view of traffic, allowing your Company to follow the most important aspects of your network in real time.