Social Engineering - If something seems too good to be true, it probably is!

Social engineering is the elicitation of confidential or personal information from individuals or organisations through deceptive or manipulative practices.

One such method used by malicious actors is that of phishing. This is when an attacker looks to exploit a user in order to bypass security measures via an electronic communication. Spear phishing is a term used to indicate phishing that is specifically targeted towards an individual or organisation.

Hostile actors use a variety of tactics and techniques which are evolving all the time. However, individuals and organisations can help to reduce their vulnerability to a social engineering attack by being alert to the social engineering threat when using mobile devices and reminding themselves of the importance of following good security advice at all times.

Carrying out some simple but effective security measures will help mitigate this threat:

Never reply to messages, click on links or open attachments immediately, even if there is a sense of urgency in an SMS or email, unless you are certain of its authenticity. If in doubt check with the sender via other means of communication before disclosing any personal or organisational information. A message might appear to come from someone you trust, but attackers are clever at mimicking contacts you know

Attackers may know your daily habits or places you go, both physically and electronically, so be aware that this knowledge might be used in a message to convince you it is genuine. For example, posting on social media about a regular visit to a favourite coffee bar, could give a hostile an opportunity to use that information for the purposes of social engineering

Be careful not to make yourself or your organisation an easy target for hostiles in the first place by information putting in the public domain that would be helpful to a hostile, such as information relating to sensitive projects.