According to the Canadian Centre for Cyber Security (CCCS), cybercriminals have increased their attempts to identify and exploit individuals working from home since the COVID-19 pandemic began. Cybercriminals view remote workers as ripe for exploitation because many individuals are relatively inexperienced with remote working. What’s more, home networks are generally less secure than those at the workplace.
Many cybercriminals are using social engineering strategies to exploit vulnerabilities in remote workers. Social engineering is the act of accessing information, physical places, systems, data, property, or money by using psychological methods, rather than technical methods or brute force. Social engineering scams rely on exploiting psychological weaknesses and blind spots in order to convince victims to give social engineers what they want. These scams are common and are especially dangerous as remote work becomes more widespread.
Common Social Engineering Scams
There are many different types of social engineering scams, each utilizing different strategies to prey on people’s curiosity and trust. Some of the most common social engineering scams include:
- Phishing is when a cybercriminal attempts to obtain valuable information by tricking people into visiting a fake website or clicking a link that installs malware. This is typically done via email or text message. While phishing may be used to target specific individuals, such as a person of authority at an organization, it is often a mass untargeted attack.
- Baiting is the offer of a reward (e.g., a monetary prize or discount) for taking a course of action, such as clicking on a link. Baiting can also be a physical attack. For instance, a malicious party might leave a USB drive marked “confidential” in public, hoping someone will find it and plug it into their computer. Once plugged in, the USB drive could install malware.
- Quid Pro Quo involves a seemingly legitimate exchange wherein the targeted person believes they are receiving a good deal. For example, a malicious party may identify themselves as an IT consultant offering a technical service in exchange for login details.
- Pretexting is when someone impersonates a known co-worker or authority figure in an attempt to gain access to secure information.
How to Reduce the Risk of Social Engineering Scams
Fortunately, many social engineering scams can be prevented through these simple cybersecurity practices:
- Training—Train your employees to watch out for messages with odd text formatting from unknown or unusual sources. Something that seems legitimate at a glance often fails to hold up under scrutiny.
- Reinforce security—Stress the importance of never giving out logins or other valuable company information to an unidentified third party. Employees should never click links or visit web pages that they are unfamiliar with.
- Update software—Keep all software updated with the latest security features.
- Encourage teamwork—Encourage employees to contact the IT department if they receive a message that they believe might be a scam.
- Review insurance—Review your cyber insurance policy to ensure that your organization is covered in the event of a cyberattack.
Contact us today to learn more about how you can protect yourself from cyber threats and discuss your current coverage.