Chat With Us
We are here for you!
Talk to a fellow human.
In a social engineering attack, a bad actor uses human interaction (social skills) to acquire information about an organization and/or its computer systems. Attackers often seem unassuming and respectable, often claiming to be a new employee (or one from another office), a service technician, or a member of the service-providing company and may even offer credentials to support that identity.
If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and utilize the information from the first source to establish credibility and continue to gather information to build an attack.
To combat social engineering:
Earlier this year, Infosec Institute published several of the Most Common Social Engineering Attacks, including web server attacks, phishing (and whaling), pretexting, and more. This resource sheds light on the tactics that attackers use to trick users into sharing sensitive information.
If you think you might have revealed sensitive information about yourself to a “foe,” it is important to contact your local authorities and file a report. Change passwords that may have been compromised and monitor accounts for any sign of identity theft. If you think you might have revealed sensitive information about your organization, report it your supervisor, as well as advise the appropriate personnel responsible for IT Security and Data Protection.