Hackers are getting more clever with social engineering tactics, especially through COVID-related campaigns, putting you and your organization at risk of handing over sensitive data and credentials.
Simply put, social engineering is the non-technical strategy cyber attackers use to manipulate people into giving up confidential information. Instead of exploiting vulnerabilities in an application, they find vulnerabilities within humans. Even with the most sophisticated security technologies in place, falling victim to social engineering tactics puts bad actors one step closer to achieving their goals.
Social engineering is nothing new. However, the pandemic created a huge surge in people’s reliance on IT, from communicating with family or friends to maintaining productivity at work.
Working from home more and expanding our online footprint have made us much easier targets for social engineering attacks, so it is more important than ever to be mindful of who we are interacting with over the phone and over the Internet.
Common social engineering hacks that have risen during COVID:
- Emails or calls posing as someone in your organization’s IT department that ask you to click a link or provide a two-factor authentication code, letting the attacker bypass multi-factor authentication (MFA) controls.
- “Officials” from your local government, healthcare agency, or insurance carrier who ask for personal information.
- Unsolicited requests for account changes or information via email alone.
Some recommendations for you:
- Closely inspect any unknown email address to verify it is legitimate before clicking on links or attachments.
- Do not provide information about your organization to outside entities without proper authorization.
- Double check a request’s legitimacy by calling or contacting the company or internal department directly.
Simply being aware that social engineering attacks are increasing is an instrumental first step towards protecting yourself and your organization against a successful cyber attack. If you are suspicious about an email, report it to your IT organization’s staff immediately, and don’t answer any calls you are not expecting.