Social engineering attacks are particularly difficult to defend against because they exploit natural human traits such as curiosity, respect for authority, and the desire to lend a hand to friends. This scene from the Mr Robot series depicts how a social engineering technique works.
I would like to share the following suggestions for detecting social engineering attacks:
- Take a moment to check the source and consider where the communication is coming from; do not naively trust it.
- Does the source lack information it should have, such as your full name? Remember that if a bank calls you, they should have all of this information in front of them, and they will always ask you security questions before allowing you to make account changes.
- Break the loop by contacting the official number or visiting the official website's URL, instead of providing information over the phone or by selecting a link. Use a different type of communication to determine the credibility of the source.
- Checking the caller's identity and number or asking "Who do you report to?" should be typical responses to information requests. Then simply consult the organization's organizational chart or telephone directory before disclosing your private or personal information.
- Do not act too quickly. Be extra careful when you detect a sense of urgency entering a conversation. This is a common tactic employed by social engineers to prevent their targets from thinking the issue through.
Safe surf, folks :-)