Most Social Engineering attacks come across innocently to the average person. A work colleague trying to login to the work system after hours to complete an assignment, a download link for an expensive program that is free on this one website, you can not really blame someone for trusting these interactions and falling victim.
For this reason, the best way to protect yourself and those around you is by having a set of protections in place to limit damage effectiveness, and establish basic protocol to stop interactions with untrustworthy sources.
- Keep an updated antivirus on your computers – Free antivirus programs like MalwareBytes and paid ones like Kaspersky work by comparing new and old files on your system to previously identified viruses and malware on their servers. If you accidentally download a legitimate looking, but infected, program onto your computer, then an antivirus software will probably detect it and remove it before harm is done. However, sometimes the viruses are newly created. In this scenario, it would be best not to download it at all:
- Have an established best practices protocol – A protocol, a set of rules, whatever you want to call it, but just having specific actions a user must commit when interacting digitally would help immensely to limit social engineering attacks. If a user has to visit a website to enter sensitive information, have them double check the URL of the website. If they mistyped it or clicked the wrong link, they would be able to see it wrongly in the browsers address bar. Additionally, when a user receives an email from someone, check both the display name AND the actual email address (before and after the @). Make sure you completely recognize it. Finally, if you get a text message from an unknown number, it is in your best intentions to completely disregard it. These protocols must be reminded regularly, so it stays fresh in people’s minds.
- Never share your sensitive info with ANYONE remotely – Seemingly simple to understand, a reputable source will NEVER ask you to share your sensitive information remotely for ANY reason. If a work colleague gets locked out of the work drive and want to use your account, unless they video call you or meet you face to face, then tough luck. If your bank calls because of an account issue, and they ask for your banking or login information, then hang up the call immediately and go in person. If someone messages you online to obtain the serial number for a product you are selling, leave them on read. Too many instances of social engineering attacks occur for rudeness to interfere with safety.
These are three concrete suggestions to properly combat social engineering attacks. By following them, you are guaranteed to greatly reduce the amount of successful social engineering efforts taken. Obviously there are few ways to stop them from occurring, but we can bolster our defenses.
