I am usually not a man of a few words. I am the opposite. I write hundreds of pages a month and talk non-stop in person. But lately, I have been trying to be better at saying more with less. With that in mind, I tried to boil down social engineering attacks in as few words as possible.
Social engineering is a scam which attempts to have a person perform an action which is against their own self interests. It is a con. Usually, the action is to provide confidential information (e.g., login information) or to execute malicious trojan horse content.
Most social engineering attacks have four common traits, which if present, signal a far higher likelihood of a scam being involved. Asking and answering four questions can help you avoid becoming a victim. If they are present, you should go out of your way to confirm the request using an additional, more trusted method before performing any action. Here is the flowchart of those questions:
Not every message with these four traits is absolutely a social engineering scam. Our email inboxes, voice mail and postal mailboxes are full of unexpected requests. That is life. But when these four traits are present, you need to confirm the request using some other guaranteed-to-be-safe method before performing it. Think before you act.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
