
How to protect your business from social engineering cyber attacks

Cyber criminals target staff to defraud business
by Siobhan Stirling - Sharp Minds Communications for Capital Space
Owner/Director - Sharp Minds Communications Ltd

Did you know that 44% of businesses have suffered an attempted cyber-attack? Although we are probably all aware of personal cyber fraud, it’s also a growing problem for companies, and with many small- and medium-sized businesses being targeted by cybercriminals, Capital Space are keen to get you clued up on the dangers of cybercrime and how you can protect your business. Social engineering is one of the most common ways cybercriminals gain access to secure systems because it exploits one of the weaker points in security systems – people.

What is social engineering?

Social engineering refers to the psychological manipulation of people in control of secure IT systems. It is one of the easier ways for cybercriminals to gain access to data because they don’t necessarily need any technical knowledge or hacking ability; instead they use tactics to exploit the people in control of the systems.

The main tactics that social engineering scammers use are:

  • Building an air of authority – People psychologically follow leaders; criminals posing as an authoritative figure are more likely to get compliance from a target.
  • Urgent requests – Scammers will create a sense of urgency to make us panic and make a less logical decision.
  • Making your decision have a consequence – We naturally strive to avoid negative consequences; scammers use this against us.
  • Appealing to vanity, greed and curiosity – Many of us find it difficult to turn down appealing or click-bait titles.

How do social engineering scammers get to you?

  • Phishing – Phishing is an infamous technique used by scammers to gain information fraudulently from you. The main technique phishers use is to send emails to you posing as your bank or another company, such as an online retailer you regularly shop with, using copies of the company logo to seem more legitimate. They will often ask you to fill in your contact details, including account numbers or card details, to update their records – when actually they are simply stealing your information.
  • Vishing – The short term for voice phishing, or committing fraud using telephone calls to gain personal or financial information.
  • Smishing – The shortened term for SMS phishing, when a fraudster sends you a text message designed to steal your information.
  • Impersonation – Less common than the above methods, but equally damaging, this is when people physically pose as another person with the goal of gaining access to your systems or building.

How to spot social engineering attacks
Don't write down your passwords on paper

Social engineering attacks can be easy to avoid as long as you know what to look out for. The first step is to identify which information is sensitive or valuable and whether it would be a target for cybercriminals. For example, your credit card details would be a high-value target, whereas your mobile phone number is probably less of a target (depending on who you are).

Many companies – particularly banks – will have standard procedures which they follow that are made clear to customers so that you know when it’s them contacting you. If your bank does get in touch with you out of the blue and you aren’t sure that it’s them, check their standard procedures or get in contact with them directly to find out (importantly, if they have called you, call back on a different line as some vishers sit on a phone line to commit their fraud). Train your employees about the various ways that banks will get in touch and make sure they consult a superior before divulging any information.

Passwords are another major target and should be protected. If a scammer gets hold of your passwords, they could gain access to confidential information, such as secret business plans which competitors could use to their advantage, client information, and other accounts which share the same password. To prevent this from happening, make sure you only share passwords in person or through encrypted software such as LastPass.

When it comes to deflecting social engineering attacks, the best way is to think logically, use common sense, and act cautiously. If you’re ever unsure about something, get in touch with your bank, your superior, or your IT manager to get a second opinion – it’s better to be safe than sorry!

To find out how CapitalSpace virtual offices or business premises could benefit your growing business, call 0800 107 3667.