Welcome back to Talk Cyber to Me.
I want to talk about something called “social engineering”
When I first heard this term, I thought of a crazy scientist. Maybe its something else for you. Regardless, social engineering is as bad and weird as it sounds.
It's a fancy term for a technique hackers use to try to get information about you. This can be done both online and offline.
The ultimate goal is to get you to reveal something sensitive – like a password, bank account information or even your social security number. They then use that information to access more sensitive data on your computer or mobile device.
Its called “social engineering” for a reason – the point is to try and exploit human behavior to get what they want.
Its about fooling people, not just hacking into your computer.
Many of us are on social media and we have gotten into habit of sharing anything and everything online.
Quite frankly, some of us having taken the phrase “sharing is caring” way too far. We sometimes post, tweet, share stuff about ourselves that can reveal personal traits and habits.
The problem is that criminals are increasingly using the personal information against us. Clever hackers can use these pieces of information to try and get more personal information on you both on and offline.
So say you or your employees casually share information on themselves or your company on social media sites like LinkedIn, Twitter or Facebook. These bits of information could be enough to gain some intel on your employees to trick them.
Armed with this information, a criminal could call you or your employee and pose as someone in authority. Or they could simply sent an official looking email to accomplish the same thing.
So you may be asking yourself, what can I you do?
• Well, first off – as I’ve been saying in other video posts – awareness is an essential first step. Be careful what you and your employees share online – especially on social media sites. It is important to talk to your employees and make sure they are not sharing too much information on you or your company.
• Unless you can entirely trust the other person NEVER disclose sensitive information, passwords or anything like that over the phone or email. Look, hackers are not stupid. They will try their best to pose as a legitimate authority to try and get at your information.
There are definitely more precautions you can take. But like all cyber risks, knowledge is power. So stay tuned for the next Talk Cyber to Me. Till next time.
Sources:
http://www.computerworld.com/article/2996606/cybercrime-hacking/social-engineering-employees-could-be-your-weakest-link.html
https://www.fcc.gov/cyberforsmallbiz; https://transition.fcc.gov/cyber/cyberplanner.pdf
https://www.us-cert.gov/ncas/tips/ST04-014