A Short, Very Useful Guide to Social Engineering



Roger_Grimes_400x400Knowing how to identify indicators of social engineering can alert you when someone tries to manipulate you, according to Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist. In an article for CSO, Grimes laid out several common red flags that are often present in social engineering attacks.

The most common warning sign is any email, website, or phone call asking for your password. Always make sure you’re on the legitimate website before logging in, and use multifactor authentication wherever possible.

The second most common red flag is anything online that asks you to execute content. This can be a download from a website or a Microsoft Office document that needs you to “Enable Content.” The file you’re executing is usually a simple dropper which will download more complex and damaging forms of malware.

A third sign is a suspicious URL. Employees need to know how URL structures work and how attackers can disguise domain names and links to appear legitimate.

Another extremely important indicator to be wary of is unusual requests for money transfers or changes to payment account information, even if the requests come from a trusted email contact. Business email compromise scams have caused $26 billion in losses since June 2016. Organizations should have policies in place to reduce the likelihood of these scams succeeding, but employees still need to know how to recognize suspicious requests.

Other signs of social engineering include the use of stressful scenarios to motivate you to act quickly, the inability of someone to talk on the phone to verify their identity, and trying to move your conversation to a different, less supervised platform. Grimes explains that there’s no reason to trust that anyone online is who they say they are unless they can prove their identity.

These are basic guidelines for staying safe online, but paying attention to them can help you avoid falling for most social engineering attacks. Knowing these signs can make employees stop and think twice before taking an action that could compromise your organization. New-school security awareness training can teach your employees what these and other red flags look like so they can spot them in the real world.

CSO has the story: https://www.csoonline.com/article/3439103/10-signs-youre-being-socially-engineered.html


Free Social Media Phishing Test

Would your users fall for a phishing email that looks like it originated from a credible social media site such as Facebook, LinkedIn or Twitter? Attackers use social media to target both your brand, your users, and even your customers by distributing malware or using social engineering to phish for credentials. These platforms have become a goldmine for the bad guys to carry out social media phishing attacks against your organization. Don't get hacked by social media phishing attacks!

SPT-monitorHere’s How the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

Don't like to click on redirected buttons? Copy & paste this link into your browser:
https://www.knowbe4.com/social-media-phishing-test

Subscribe To Our Blog


Domain Spoof Test Contest




Get the latest about social engineering

Subscribe to CyberheistNews