
Prevent Social Engineering Attacks

Last Updated: 11/14/11

What Is Social Engineering?


Social engineering is probably one of the most dangerous (and least understood) threats to computer security. In basic terms, social engineering is an attack that tries to take advantage of a human instead of a security hole within the computer itself. This is a very dangerous attack method, because there is no security software in the world that can prevent humans from making mistakes. The only defense is user awareness! Social engineering attacks can come in many forms including, but not limited to:

- An email from someone pretending to be someone they aren't in order to convince you to download a virus, visit a malicious website, or reply with confidential information (e.g., your password).

- A phone call trying to get you to visit a malicious website or divulge confidential information. (This type of attack has become more common recently!)

- A person who physically shows up in your office with a fake ID pretending to be a maintenance person in order to gain access to a private area.

- A letter arriving in the mail to warn you of your impending account closure if you don't visit a certain website and pay immediately.

- A website that says you are infected with many viruses and you must "click here" to have them removed for a small fee.




- A website that requires you to install a small program to continue to the page you requested.

Here are a few suggestions to help you thwart a social engineering attack:

- Do not believe everything you see or read, especially if there is a strong urgency to the message (e.g., "we will close your account immediately unless you....").

- Always confirm messages through a second source (e.g., if you think your bank might actually be closing your account, call them on the phone; do NOT reply to the email).

- Always be skeptical first and trusting last, even if you consider the source "trusted".

- Never provide more information than absolutely necessary (why does this photo website need my SSN? Why is this news website asking for my email password?).

- Do not provide your password "out of context" (if you are viewing the news and your bank or Facebook login screen suddenly appears, do not log in).

- Slow down and do not be impatient (if a message appears telling you to install a video codec, do not blindly accept it so that you can view the video ASAP; it could be a virus!).

REMEMBER: You must practice good security habits. Security software is helpful, but it is NOT the solution. In fact, fake security software and websites that inform you of fake infections are VERY COMMON. Be cautious about security software that you did not install yourself or that you do not recognize!


Don't forget....

Only YOU Can Prevent Social Engineering!




