With ransomware attacks disrupting everything from gasoline to hamburgers, it’s important to know the basics of social engineering and how to keep your firm safe.
It’s all about education and training, starting with the fact that variations of social engineering have been around forever.
“The primary tactic used to defraud victims or steal sensitive data—specifically through impersonating a known or trusted entity—has been around for much of human history,” writes business editor Nicole Fallon in this blog post for CO. “Social engineering attacks often come in the form of the criminal posing as a legitimate, known business associate (e.g., a supplier, customer or executive) and making requests that the victim might reasonably expect to receive from them. These fraudulent requests may include changing bank accounts for payments or sending an urgent wire to close a key business deal. Social engineering also involves the sharing of sensitive personal or company information.”
Below are six key takeaways from Fallon’s article, “What is Social Engineering?”
Most Prevalent Forms of Social Engineering
- Phishing. “Phishing emails are designed to look as though they come from a trustworthy source. They’ll usually ask a user to sign into their account and include links that, when clicked on, will steal sensitive information. These attacks account for 80 percent of all reported security incidents, according to CSO.”
- Smishing. “Similar to phishing, social engineers will use messaging apps or SMS text messages to bait victims into clicking on malicious links.”
- Vishing. “Attackers will obtain a user’s phone number to call and ask for information over the phone by posing as a known business associate,” according to Fallon.
6 Things to Know About Social Engineering
- It’s not always about money. Cybercrooks are also after data and sensitive information. “Social engineering is the manipulation of individuals to not just get money, but also to gather information that someone may not normally share,” says cybersecurity professional Eric Breece in the CO post. “It’s an attempt to get someone to do something that benefits the attacker.”
- Social engineering works because we are trusting. Phishing emails come from our friends, colleagues, vendors, clients and employees – in other words, people we trust. “This trust is what social engineers exploit and is the key reason why these attacks are so successful,” says the CO post. “[It can be hard to] push back on those we expect to work with every day, especially someone in a position of power, like one’s boss.”
- Carelessness and human error are often the culprit. We wrongly assume all phishing scams are from a Nigerian prince and therefore easy to detect. We get lazy and open an email or click on a link without thinking. We let our guard down because we’re busy or distracted.
- Multifactor authentication is a crucial line of defense, which is why your online bank sends you a confirmation text code that you have to enter before you can log on.
- Report a cyberattack. “If you’ve already opened a link or provided any financial information, notify your financial institution and have them recall any active transfers, freeze compromised accounts and monitor for any further suspicious activity. Then immediately file a complaint with the FBI at gov.”
- Get cyber liability insurance coverage. Be sure to report the incident to your carrier.
Source: US Chamber of Commerce
Jay Reeves is author of The Most Powerful Attorney in the World. He practiced law in North Carolina and South Carolina. Now he writes and speaks at CLEs, keynotes and in-firm presentations on lawyer professionalism and well-being. He runs Your Law Life LLC, which offers confidential, one-on-one consultations to sharpen your firm’s mission and design an excellent Law Life. Contact email@example.com or 919-619-2441.