Byte of Prevention Blog

by Jay Reeves |

How to Prevent a Social Engineering Attack

Pin on Pinterest Share on Google+ Share on LinkedIn

With ransomware attacks disrupting everything from gasoline to hamburgers, it’s important to know the basics of social engineering and how to keep your firm safe.

It’s all about education and training, starting with the fact that variations of social engineering have been around forever.

“The primary tactic used to defraud victims or steal sensitive data—specifically through impersonating a known or trusted entity—has been around for much of human history,” writes business editor Nicole Fallon in this blogpost for CO. “Social engineering attacks often come in the form of the criminal posing as a legitimate, known business associate (e.g., a supplier, customer or executive) and making requests that the victim might reasonably expect to receive from them. These fraudulent requests may include changing bank accounts for payments or sending an urgent wire to close a key business deal. Social engineering also involves the sharing of sensitive personal or company information.” 

Below are six key takeaways from Fallon’s article, “What is Social Engineering?”

Don’t fall prey to a cyberattack. Stay safe by being insured with Lawyers Mutual. Our email newsletter “Practice Reimagined” offers timely tips, pointers and valuable links to keep you safe and successful in the new normal.

 

Most Prevalent Forms of Social Engineering

  • “Phishing emails are designed to look as though they come from a trustworthy source. They’ll usually ask a user to sign into their account and include links that, when clicked on, will steal sensitive information. These attacks account for 80 percent of all reported security incidents, according to CSO.”
  • Smishing. “Similar to phishing, social engineers will use messaging apps or SMS text messages to bait victims into clicking on malicious links.”
  • Vishing. “Attackers will obtain a user’s phone number to call and ask for information over the phone by posing as a known business associate,” according to Fallon.

 

6 Things to Know About Social Engineering

  1. It’s not always about money. Cybercrooks are also after data and sensitive information. “Social engineering is the manipulation of individuals to not just get money, but also to gather information that someone may not normally share,” says cybersecurity professional Eric Breece in the CO post. “It’s an attempt to get someone to do something that benefits the attacker.”
  1. Social engineering works because we are trusting. Phishing emails come from our friends, colleagues, vendors, clients and employees – in other words, people we trust. “This trust is what social engineers exploit and is the key reason why these attacks are so successful,” says the CO post. “[It can be hard to] push back on those we expect to work with every day, especially someone in a position of power, like one’s boss.”
  1. Carelessness and human error are often the culprit. We wrongly assume all phishing scams are from a Nigerian prince and therefore easy to detect. We get lazy and open an email or click on a link without thinking. We let our guard down because we’re busy or distracted.
  1. Multifactor authentication is a crucial line of defense. Which is why your online bank sends you a confirmation text code you have to enter before you can log on.
  1. Report a cyberattack. “If you’ve already opened a link or provided any financial information, notify your financial institution and have them recall any active transfers, freeze compromised accounts and monitor for any further suspicious activity. Then immediately file a complaint with the FBI at gov.”
  1. Get cyber liability insurance coverage. Be sure to report the incident to your carrier.

 

Source: US Chamber of Commerce

 

Jay Reeves is author of The Most Powerful Attorney in the World. He practiced law in North Carolina and South Carolina. Now he writes and speaks at CLEs, keynotes and in-firm presentations on lawyer professionalism and well-being. He runs Your Law Life LLC, which offers confidential, one-on-one consultations to sharpen your firm’s mission and design an excellent Law Life. Contact jay@yourlawlife.com or 919-619-2441.

 

About the Author

Jay Reeves

Jay Reeves practiced law in North Carolina and South Carolina. He was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He is the author of The Most Powerful Attorney in the World, a collection of short stories from a law life well-lived, which as the seasons pass becomes less about law and liability and more about loss, love, longing, laughter and life's lasting luminescence.

Read More by Jay >

Related Posts

LM Portal Access your LM Portal for policy information and forms.
Need Insurance? See the difference service can make.
Payment Due? Make an online payment now.
Lawyers Mutual NC Logo

Get In Touch

Lawyers Mutual Insurance Company
1001 Winstead Drive, Suite 285

Cary, NC 27513

919.677.8900
 | 
1.800.662.8843

Fax: 919.677.9641

Latest Alerts

The Corporate Transparency Act: What North Carolina Law Firms Need to Know

Lawyers Mutual has published previous alerts regarding the new filing requirements under the Corporate Transparency Act (“CTA”) that went into effect January 1, 2024. After reviewing additional resources, we want to emphasize concerns that we have about the risks and increased potential liability for lawyers undertaking the reporting requirements. This is especially true for the continuing reporting requirements after entity formation and initial reporting.  

Learn More

eCourts Expansion Announced for 2024

The North Carolina Administrative Office of the Courts (NCAOC) recently announced additional go-live plans for counties transitioning from paper files to Enterprise Justice (Odyssey), which currently serves Harnett, Johnston, Lee, Mecklenburg and Wake counties. Twelve northeastern counties comprising Track 3, as previously announced, will go live on February 5, and 10 counties comprising Track 4 (Alamance, Chatham, Durham, Franklin, Granville, Guilford, Orange, Person, Vance and Warren) will go live on April 29.   

Learn More