Social Engineering and Phishing

Have you ever received an unusual message or phone call from someone who claims to be in your organization and demands information? If your answer is yes, you may have been the victim of a social engineering attack. Social engineering is just one of many ways cyber criminals attempt to gather confidential information.

What is Social Engineering?

Social engineering, in the context of cybersecurity, is when a bad actor poses as somebody else to obtain valuable information from you. These “social engineers” are trying to find their way into your organization and get information out of you that, in the end, they might use to exploit your wallet or your company in some way.

These events are very common because people are, by nature, willing to help and act. However, some bad actors are finding ways to take advantage of people’s goodwill.

Social engineering can take the form of phishing. These attacks usually arrive as emails in someone’s inbox containing a hyperlink or file; as soon as somebody clicks on the link or opens the file, malware is downloaded onto the device. 90 percent of breaches involve some sort of targeted phishing.

Tips and techniques you can apply to prevent Social Engineering:

  1. Have a cybersecurity training program in your organization – learn to spot phishing emails
  2. Provide technical tools to catch these attempts – in the end, human eyes are always the best at catching these warning signs
  3. Internal phishing tests – have learning management tools that train employees to spot phishing attempts

John Williamson

Risk Advisory Partner

Jesus Vega

Risk Advisory Senior Manager