A social engineering attack needs only one thing to be successful: the trust of the targeted party. All it takes is a single email, phone call, or text message that appears to come from a trusted source for a cyber criminal to gain access to sensitive information.
6 Ways to Protect Against Social Engineering Attacks:
Read the tips below or scroll down to view the full infographic.
1. Carefully Inspect All Incoming Messages
Cyber criminals who use social engineering tactics are banking on their victims acting first and thinking later. Examine all aspects of your incoming messages for suspicious elements, such as a spoofed email address or website URL.
2. Be Wary of An Urgent Tone
Social engineering campaigns typically lean on language that conveys a strong sense of urgency. Examples include high-pressure sales tactics and intimidating ultimatums, such as the threat of legal action.
3. Beware of Unexpected Messages from Your Contacts
Cyber criminals routinely take over people’s email accounts to try and trick that person’s contacts with a scam. If you aren’t expecting an email from a contact, especially one with a link or attachment that is out of character, verify its legitimacy before opening.
4. Delete Any Request for Financial Data or Passwords
If you’re asked to reply to an email, phone call, or text message with your financial or password information, it’s likely a scam. Even if the message promises a reward in return, never divulge sensitive information in a response.
5. Don't Click on Suspicious Links Or Attachments
Don’t click on unexpected links, even if they come from familiar email senders or organizations. You can be redirected to a website or start a download that can infect your device. The same guidelines apply for email attachments.
6. Utilize Your Email Client's Spam Filter
Every email program comes with a spam filter. In your account settings, adjust the filter options to your liking and periodically check your spam inbox for any legitimate mail that got sent there by accident.
Teach employees to detect and report cyber threats with engaging, effective cyber security awareness training.
