Hey there, ACME team! I'm Jack, your Head of InfoSec. Today, we're going to talk about social engineering, a sneaky tactic cybercriminals use to manipulate people into revealing confidential information. We'll learn how to spot, avoid, and report social engineering attempts, whether they're digital, in-person, or over the phone.
Social engineering relies on our natural tendencies to trust and help others, making it a potent weapon for cybercriminals. By staying alert, we can protect ourselves and our organization from these threats. Let's dive into the three common types of social engineering attack and how to handle them.
These attacks occur online, via email or social media, and may involve phishing emails or malicious links. For example, you might receive an email from someone posing as your IT team asking you to verify your account password.
To spot and avoid this, it's essential to be cautious of unexpected emails or messages, especially those that contain attachments, links, or requests for sensitive information. Vigilance is the key to avoiding potential threats. Additionally, it's crucial to verify the sender's identity and check URLs before clicking on them. This proactive behavior can prevent inadvertent access to malicious sites or downloads. Lastly, any suspicious messages should be reported to the InfoSec team. This collective effort will enhance the security of our system and protect us all from cyber threats.
These attacks, often referred to as ‘tailgating’, involve face-to-face interactions, such as someone posing as a vendor or IT technician. A common form of tailgating is when an attacker gains unauthorized access to a restricted area by following closely behind someone with proper access, exploiting our natural inclination to hold the door for others.
In order to stay safe, it is crucial to always verify the identity of unfamiliar visitors. Additionally, one should be wary of unscheduled maintenance or service calls to prevent potential security breaches. Lastly, it is important to report any suspicious individuals or activities to the InfoSec team in order to maintain a secure environment.
- Over the Phone or ‘Smishing/Vishing’
These attacks involve phone calls or text messages from fraudsters impersonating colleagues, IT support, or other trusted sources.
When handling these situations, first and foremost, it's important to proceed with caution, particularly when it comes to unexpected calls or texts that ask for sensitive information. You should always ensure the authenticity of the caller's identity, which can be done by calling them back through an official number that you know to be legitimate. If you come across any calls or texts that strike you as suspicious, it's crucial that you report them to the InfoSec team promptly.
If you encounter a social engineering attempt, report it to the InfoSec team through our dedicated Slack channel. Provide details like the nature of the incident, when it occurred, and any relevant information.
In conclusion, social engineering attacks prey on human nature, making it crucial to recognize the signs and stay vigilant. By spotting, avoiding, and reporting these attempts, we can protect ourselves and our organization. Thanks for watching!