OUR LOCATION
Despite what we would all like to believe, not everyone out there has good intentions for you or your business.
Social engineering is the umbrella term that encompasses a variety of malicious activities conducted through human interaction. Fortunately, you can unlock peace of mind for yourself and your business with cyber insurance.
Want to know more about social engineering, what it means for your business and most importantly, how to prevent it?
Find out the with the trusted Gold Coast insurance broker team at Crest Insurance.
Social engineering under the microscope
The malicious activities that come under social engineering are made possible through psychological manipulation. This tricks everyday people, employees, and business operators into making security mistakes or giving away confidential information.
Social engineering often follows a four-step process:
-
Investigation
Here, the groundwork is laid, the victim is identified, background information is gathered, and cyber-attack method is devised.
-
Hook
The deception begins. The victim(s) is engaged, a story is spun, and the attacker establishes control over the interaction.
-
Play
Over a period of time (could be quick, could be prolonged), the foothold is expanded, the attack is seamlessly executed, and the victim business is disrupted and/or data is siphoned.
-
Exit
Finally, the interaction is closed and hopefully – to the attacker’s advantage anyway, without suspicion. The attacker(s) will finish by removing all evidence of malware, covering their tracks.
The attack techniques to be aware of
There are 5 main attack techniques used by hackers:
-
Baiting
This assault draws victims in with false promises that cater to curiosity or potential greed.
For example, the perpetrator may leave a USB in eye-catching areas like the company’s toilet cubicles or elevator. It may even be labelled something of interest like ‘payroll.’ Out of curiosity, the victim may insert it into their personal or work computer whereby automatic malware is installed.
-
Phishing
Email and text message phishing scams are quite favourable amongst attackers.
They create a sense of urgency and even fear in victims with a call to action that sees the revelation of the victim’s personal information, opening of attachments of opening dangerous links.
-
Spear phishing
This technique is more targeted and involves a scammer choosing specific individuals, tailoring their message to reflect their name, job description and contacts.
It takes longer, but due to its personalisation, spear phishing has captured many unsuspecting victims.
-
Pretexting
By impersonating either fellow co-workers, police, bank or ATO officials, the scammer asks questions to confirm identity and through trust establishment, successfully gathers key personal data.
-
Scareware
False alarms and fake threats are the methods of scareware.
For example, the victim is deceived in believing their computer is infected with malware and ‘must’ install further software to expel it. Of course, the threat isn’t real and what is downloaded, is malware itself!
Protect your business, protect yourself
In the digital era, protecting yourself and your business is essential.
To fully understand and attain insurance coverage that includes social engineering attacks, speak to your Gold Coast insurance broker.
Looking to obtain cyber insurance as part of your business insurance?
Contact Crest Insurance to discover the most suited insurance coverage for your needs.
Disclaimer: The information contained in this news post is general in nature and is intended to provide a general summary only and should not be relied on as a substitute for professional advice.
