What exactly is social engineering and why should you be concerned about it? Social engineering is a very popular form of hacking that’s been called the greatest security risk in the decade ahead. It can be done by email, phone or text messaging, and usually the hacker is someone trying to trick you into giving them access to confidential information.
Have you ever received an email from a friend that urgently asks for your help, and then for your bank account number? Or what about a message from a popular company that tells you you’ve won something and asks you to click on a link to claim your prize?
These are just some examples of social engineering scams that could give criminals access to your financial information, contacts, social networks and more.
As a business owner, if you become the victim of a scam like this, you could be exposing your clients, vendors, partners and associates to a potentially dangerous situation.
Social engineering is used in more than two-thirds of all hacks nowadays. Electronic hacking in the vein of the Russians might be more newsworthy, but it’s social engineering that business owners need to watch out for.
The four main ways social engineering occurs are (a) phishing, in which the hacker uses email to trick someone into giving them access to some kind of account, login or financial information; (b) vishing, which is the same but through voice, such as a phone call; (c) impersonation, which is done in person, on site; and (d) smishing, which occurs through text message.
There can, however, be thousands of variations to these four methods.
Security awareness training company KnowBe4 advises that all users “think before you click.” It has also published 22 social engineering red flags to watch out for in any email. Here are a few of the top flags to watch for:
- You don’t recognize the sender’s email address as someone you ordinarily communicate with.
- The email is from someone outside your organization and is not related to your job responsibilities.
- You were CC’d on an email but don’t recognize the other recipients.
- You hover over a hyperlink displayed in an email, but the address it links to is for a different website.
- You received a business email sent at an unusual time, like 3 a.m.
- The email’s subject line doesn’t match the message content.
- You see an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file.
MidSouth Bank offers the EZShield Business Protection Program with an all-encompassing “secure, monitor, restore” approach to protecting you and your business’s sensitive information and finances. On-the-go access, password protection, daily internet monitoring, fraud alerts and discounted identity protection services for employees make up the benefits of this award-winning protection service. Learn more about our business accounts or call 1-800-213-BANK for more information.