How aware are you when it comes to social engineering?

Cybercrime is huge; indeed, no other criminal activity is quite so lucrative, thus it is imperative that you prepare and protect both your business and your personal life to mitigate the inconvenience and the cost of an attack.

There are some basic hygiene factors that every business needs to have in place. Firstly, ensure that you have appropriate insurance cover and that you understand what this is and the terms and conditions. Secondly, cybersecurity training is essential at every level of the business from the boardroom to the factory floor, indeed the ICO guidelines now say that training for new employees must happen within 30 days of starting their employment (plus before they access client data) and that it’s repeated at least annually.

Any training program you undertake should include appropriate content exploring the many different strategies deployed by social engineers (one of the prevalent forms of attack).

Social Engineers trick and manipulate their victims to do something which is not in their best interests (giving away passwords, banking info or allowing access) using techniques which provide enough pieces of the jigsaw, that decisions are made using sub-conscious thinking, as opposed to rational, logical conscious thinking.

At ramsac we focus on five areas of social engineering.

The first is Phishing, and most people are familiar with the concept of this, it uses email activity to trick the target. There are multiple techniques and categories of phishing including Whaling (or CEO Crime) and MITM ‘man in the middle’ strikes.

Second is Vishing, this is voice solicitation, and the challenger will make a phone call pretending to be the bank, law enforcement, HMRC etc. Often spoofing the phone number they are calling from to make it look like a number you are expecting (even your own office number!).

Third is Smishing, this is like phishing but using SMS or Text messages to trick the target. The average UK adult receives 9 smishing attempts each month on average, pretending to be DPD, The Post Office, Amazon etc. This is tricky because unlike phishing you can’t however the mouse of a smishing link to see if the URL offers any clues.

Fourth is Qrishing, this method tricks someone by getting them to scan a QR Code, this problem increased no end during Covid as more people became used to scanning into a venue, the problem is that it’s easy to print a dodgy QR code and stick it over a legitimate one. When someone open the QR code they get taken to a website designed to cause digital harm.

Finally, we must discuss with our teams the problem of Impersonation. The Cyber Criminal can save a lot of time trying to break into sophisticated IT security by simply getting inside the targets office building. This might simply be by sending the target USB keys and getting them to do the work for them, however, dressing as a supplier and walking into a building is unfortunately too easy for many. The concept of hiding in plain sight has never been truer and wearing a high-viz jacket and carrying a clipboard opens far too many doors. Some criminals will pretend to be the company that change your sanitary waste bins, the question is, if someone appropriately dressed walked in to your reception with two waste bins under their arms, how many people in your organisation would stop to question, identify or talk to them?

It doesn’t matter who you are or what your business does, you will eventually be the victim of a cybersecurity attack, thinking that it won’t happen to you is simply naive. Please ensure that you give sufficient time to understand the risks, practice your defence and engage with experts to ensure that you, your business, family and loved ones stay as safe as possible.

Rob May is Managing Director of ramsac who have specialised in cybersecurity and strategic technology for the last 30 years. He is also a Speaker, Author, UK Ambassador for CyberSecurity with the IoD and on the Board of The Cyber Resilience Centre in the South East (a collaboration between Business, Academia and Law Enforcement).

Cyber Resilience Certification

Looking for more information on how the Cyber Resilience Certification can improve your cybersecurity protection for your organisation? Download our factsheet.

Related Posts

  • Social Engineering: The 7 most common tricks cybercriminals use (and how to stop them)

    Social Engineering: The 7 most common tricks cybercriminals use (and how to stop them)

    Cybersecurity

    Discover the top 7 social engineering tricks cybercriminals use to manipulate people into giving away sensitive information, and learn practical steps to protect yourself and your organisation from these [...]

    Read article

  • Protect your organisation with secure+ from ramsac

    Protect your organisation with secure+ from ramsac

    Cybersecurity

    Protect your organisation from evolving cyber threats with ramsac's secure+ A proactive monitoring solution designed to safeguard your systems, data, and reputation. [...]

    Read article

  • All you need to know about software vulnerabilities

    All you need to know about software vulnerabilities

    CybersecurityTechnical Blog

    Understanding software vulnerabilities is crucial for staying protected in an ever-evolving cyber landscape, where unpatched weaknesses can open the door to serious security threats for individuals and organisations alike. [...]

    Read article

  • Why your printer might be the biggest security risk in your office

    Why your printer might be the biggest security risk in your office

    Cybersecurity

    Think your office printer is harmless? Think again. Printers store data, connect to networks, and often have default passwords that cyber criminals love. Don't let your weakest link be the [...]

    Read article

  • The importance of cybersecurity contingency planning for businesses

    The importance of cybersecurity contingency planning for businesses

    Cybersecurity

    Protect your data from cybercriminals and minimise downtime with an effective cybersecurity contingency plan. Read on. [...]

    Read article

  • How to Spot a Scam HMRC Letter 

    How to Spot a Scam HMRC Letter 

    Cybersecurity

    Learn how to spot fraudulent communications, like fake HMRC letters, and take steps to protect your personal information and finances from scammers. [...]

    Read article

Quiz yourself

Are you more cyber savvy than an 11 year old?

11-14 year olds get asked these questions in school. Could you get these right?