Social engineering attacks and scams are part of daily life in this technology age, and they are here to stay whether you like it or not. This is evident in the mandatory social engineering training that most companies require their employees to complete. The several spam and scam calls most of us unfortunately receive every day are also a pretty good indicator.
These training programs do a good job of teaching you how to recognize fraudulent or malicious emails. They tell you to look out for misspelled words, strange email addresses, or unsolicited attachments, and in most cases identifying attacks with these tactics works great! However, what happens if a social engineering attack is particularly well-designed and thought-out? Perhaps it's over the phone, and you can't rely on visual cues to determine what's legitimate or not. What is the one golden rule we can always fall back on to protect ourselves when we are not sure? It’s simpler than you might think:
Do not give out confidential information unless you initiated the communication.
Legitimate companies and organizations are unlikely to come to you asking for personal or confidential information. Hackers know this, so they will try to create a sense of urgency or elicit a feeling of panic to make you give them what they want before you can suspect it's a scam. When faced with a situation like this, stay calm and ask questions. Hackers are often unable to provide legitimate responses and may react by getting impatient or even aggressive so they can get what they want from you before being discovered. Once again, the most important rule of all is to never give out confidential information unless you initiated the communication. By applying this rule in your personal and work life, you'll be ensuring that you never give your sensitive information to the bad guys.
Of course, implementing this rule won’t keep you from clicking on a malicious link or file download, but it will keep you from giving out personal information no matter how good the scam attempt is.
For more information on how to detect phishing emails, check out our other article, "Here, Phishy Phishy: Don't Get Hooked by Phishing Emails."