Social Engineering

What is social engineering? The psychology of phishing, smishing and scareware

When it comes to the security of our computers and online devices, what we often think of first is keeping them free of insidious viruses – throwing up firewalls and ensuring our anti-virus protection is bang up to date. Unfortunately, those protections can be quite easily overcome by one small vulnerability – human psychology.

Social engineering: a definition

Social engineering is the process of manipulating people in order to obtain confidential information or to trick users into making security mistakes. The term is used to cover a broad range of malicious activities from phishing, smishing, vishing (voice phishing) and scareware, to deceptions such as the ‘honey trap’ (whereby attackers pretend to be romantically interested in the victim) and the well-known ‘Nigerian prince just briefly needs your bank account’ scam.

Social engineering: how does it work?

When it comes to cyber-security, people are often the weakest link in the security chain, and because the mistakes users make are unpredictable, they are harder to identify and avoid. It is much easier, for example, to pretend to be a company tech support agent and fool a user into giving up their password than it is to hack that same password (unless, of course, the password is password1!).

Social engineering attacks happen in one or more steps. Particularly when it comes to business attacks, a hacker may first investigate their target to gather background information, such as weak security protocols or potential points of entry. They will then move to gain the victim’s trust and to provide motivation for the user to give up information or to grant access to business resources.

Social engineering: what are a hacker’s motivational methods?

Knowing your Psychology 101 is a good way to avoid being scammed, as social engineering relies almost exclusively on what are known as the ‘principles of influence’ (a theory established by psychologist and professor Robert Cialdini in 1984). These methods of influence include:

Authority – whereby an attacker poses as someone ‘in charge’, requesting (ordering!) compliance.

Consensus – influencing users by convincing them that this is ‘what everybody else is doing’.

Familiarity – after all, if you receive an email from a friend, surely the link they have provided is legitimate?!

Intimidation – whereby the attack comes with a threat of negative consequences should the request not be granted.

Scarcity – ‘Only five left!’ or ‘While supplies last!’, which goes hand in hand with:

Urgency – ‘Act now or it will be too late!’

Note that scarcity and urgency often both relate to that little human tendency towards greed – many of us don’t want to miss out on something great, which can lead us to click first and think (and possibly regret) later.

Defending against social engineering attacks

When it comes to protecting your business and safeguarding against malicious social-engineering attacks, your defence should be four-pronged:

  1. Ensure the lines of communication within the company are open and positive. If an employee believes that an attack has occurred due to their inadvertent error, the first thing you want them to do is report it – not hide it away in fear of reprisal.
  2. Train your staff to recognise the various methods of influence and to always think, check and double check before providing sensitive information. Cybersecurity staff awareness is key!
  3. Test the effectiveness of your training (yes, you can do some phishing yourself to check if you catch anything!) and redeploy the training often to ensure it is always fresh in the minds of your employees.
  4. Close your protection circle by also implementing cybersecurity measures – this will not only limit the number of attacks getting through to your staff, but can also help to minimise any damage caused by a successful attack.

Call Geelong’s cybersecurity experts 

Servicing Geelong, the Bellarine Peninsula, the Surf Coast and surrounding regions, Geelong Technology Group helps small and medium businesses succeed by supporting and managing their IT requirements. Armed with the latest social-engineering information, we can not only assist your business with security awareness, we can also implement comprehensive cybersecurity solutions, ensuring your important business information is cybersecure.

Give us a call today to find out more on 1300 GET GTG (1300 438 484) or stop by our showroom at 166 Francis St, Belmont.

Clean Up Your Computer Month

January is Clean Up Your Computer Month: Organisation and Efficiency Tips

If freeing up hard-drive space and ensuring your computer is running at maximum speed and efficiency is top of your New Year’s Resolutions list… we’re here to help! (And, of course, even if you think New Year’s Resolutions are rubbish, and you haven’t considered the state of your hard drive for some time, we would still urge you to read on!)

With January officially dubbed Clean Up Your Computer Month, here are some easy ways to clean up your laptop or desktop and get organised for the new year:

Number one priority: Back up your computer

Sometimes when we start cleaning, we can get a little gung-ho with files and something important can be inadvertently deleted along with the ‘trash’. (It’s a bit like vacuuming – the job is going so well that you don’t see those Lego pieces until it’s too late…) So – the first priority of any clean-up is to do a computer backup. A backup can involve mirroring your hard drive on an alternate disk, duplicating files to the cloud or backing up your data to an external hard drive. For more details, see our computer backup blog.

Organise your photos and your files

Okay, so we all know that organising photos is never a quick process; reminiscing over that Thailand trip can take hours, after all – but slotting those images into a dedicated Thailand folder (and ensuring they’re backed up to the cloud) will save searching time in the future. Likewise, ensuring your important files are correctly named and placed into a logical folder structure is a kindness to your future self. (Remember: if your computer desktop looks like a giant virtual toddler has scattered documents and folders across its entire surface, this is the place to start. A clean virtual desktop is just as practical and advantageous as a clean and organised desktop IRL. Oh, and while you’re at it, why not check that your physical desk setup is ergonomically sound?)

Delete what you don’t need

Downloads you don’t need? Delete! Files that are no longer relevant? Delete! Programs and applications you haven’t used for months or years? You know what to do! (With programs and applications, make sure you uninstall them correctly rather than just hitting ‘delete’, otherwise they may still be there, running and taking up space in the background.) Oh, and when you’re done with your delete-athon, don’t forget to clear your recycle bin as well.

Straighten up your online self

All of this productivity enhancement will be curtailed if you still have 10,077 unread emails in your inbox and no fewer than 43 tabs open in your internet browser. Make your email attack a three-pronged approach. First, delete old emails that no longer require your attention. Second, create a folder system that will work for you, allowing you to prioritise and differentiate between work, family and friends. Finally, get busy unsubscribing from email lists you know that you don’t need – time spent now will leave your inbox much clearer in the future.

Cleaning up your cookies and deleting your browser history can help improve your internet experience. Further enhance your online browsing by also tidying up your bookmarks (delete those you don’t need, rename and assign to custom bookmark folders those that you do use). And, if you’re feeling really inspired, you could even jump into your social media accounts, ensuring your security and other settings are tailored to your requirements.

Get physical

We wrote a blog last year about the importance of physically cleaning your computer and computer accessories – for your health and for the health of your equipment. If you haven’t checked it out yet, Clean Up Your Computer Month should be an excellent catalyst to do so!

January might also be time to take stock of your hardware and to get rid of those items – laptops, computers, monitors, tablets, mobile phones, printers, chargers, cords or other accessories – you no longer need. Remember that up to 95% of materials from recycled electrical goods can be recovered for reuse, so check out Planet Ark for details on what can be recycled and where.

And finally…

Make sure your cybersecurity is up to scratch (all of this cleaning will be for naught if your system is invaded by a virus or malware) and reach out if you need assistance. The experienced team at Geelong Technology Group can help with backups, anti-virus protection, managed IT support solutions, computer repairs, Ubiquiti phone systems and new software or hardware. So, don’t hesitate to give Geelong’s technology experts a call on 1300 GET GTG (1300 438 484) or stop by our showroom at 166 Francis St, Belmont.