Ever been tricked by someone claiming to be someone they’re not? That’s social engineering, which is basically a fancy term for fooling people into giving up confidential information.
It happens a lot over email — a popular lure lately is a message telling employees that their health care is about to be canceled and that they should open an attached file or visit a certain website to make sure it isn’t. But often this kind of information theft begins offline, where a thief poses as a colleague, an IT administrator, or a bank or credit card company representative, telling you that your account has been compromised and that they need your account number, password or Social Security number to reopen it. It could even be as simple as blanketing your company’s employee parking lot with flyers that entice people to log in to what seems like a legitimate website but is actually a phishing site.
To avoid becoming a victim of social engineering, your employees need to remain vigilant at all times. Never reveal passwords, login credentials, PINs or Social Security numbers in their entirety. Don’t open strange files or click on unverified links in emails, even if they appear to come from people you know. And make sure, for instance, that the URL of the site into which you’re about to type sensitive information is legitimate and not a phishing site masquerading as the real thing.
IT administrators can and should conduct regular tests to see whether employees are susceptible to these types of attacks. Repeated training and reminders can help lessen the impact of this type of attack on your company.