LinkTech Blog

LinkTech has been serving the Rapid City area since 2014, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

What is Social Engineering, and How Can I Stop It?

Let me ask you a few questions—first, how confident are you that you could spot an online ruse, and second, did you know there is a stain on your shirt right now?

Did you look?

If so, you have just fallen for the school playground version of social engineering. The real thing is a serious threat, so let’s discuss the kind that you’re more likely to see when it comes to your business’s cybersecurity.

To begin, let’s analyze what social engineering really is, and why it works so well on us.

Social Engineering is Emotional Hacking

When all is said and done, that is really what it boils down to. Instead of trying to find the right combination of 1s and 0s to bypass your cybersecurity, social engineering is the use of the right emotions and thought processes to bypass your human employees.

Let’s examine the stained shirt example we provided above. While it probably was not as effective coming in through text, chances are good that you have also experienced the old-fashioned version where someone pointed at your shirt and flicked your nose when you looked down—more than likely, many times. Why do we keep looking?

We do so for the same reason that social engineering works—hearing that we have something on our shirt has some effect on our emotions. We fear that we will look silly, or sloppy, in front of people we respect and (more importantly) whose respect we want. The need to confirm that the stain is there becomes so urgent in the moment that we must look down immediately, despite being intimately familiar with this kind of trick.

In addition to all this, this trick is usually played by someone we trust. This will be important to keep in mind later.

Of course, in a business-focused social engineering attack, the stakes will not often involve a bit of the special sauce from the #5 value meal on your shirt. The professional kind of social engineering plays on different fears and anxieties that are more directly related to the workplace. Since this usually takes some preparation, let’s go through the steps that the person behind the attack will generally take:

How an Attacker Prepares Their Social Engineering Attack

The time an attacker spends depends on how sophisticated they want the attack to be, but the first step is to plan it, researching the target to figure out the most effective way to fool someone. Let’s step into their shoes for a moment and run through what this research might look like.

Let’s say we wanted to attack XYZ Widget Company. As social engineers, our first step is to collect as much data as we can on them. The Internet and its plethora of open-source intelligence (OSINT) make this easier than you might expect. For example, we could turn to the company’s LinkedIn, and discover that Jane Doe and John Q. Public both work there in customer-facing roles. A quick jaunt over to Facebook might reveal that Jane enjoys doing crossword puzzles and fantasy sports, while John is big into DIY activities, ranging from cheesemaking to quilting. From there, it is an easy matter for us to reach out to either Jane or John using the OSINT we have collected and gain some of their trust. Once this trust has been established, we stand a pretty good chance of convincing them to give us more access than is warranted or share information that they should not have shared.

Of course, we could also take the simple route and instead try our luck with fear tactics. It is generally a safe bet that an employee does not want to get in trouble in the workplace, so sending a message that claims they’ve done something wrong or need to address something right away—posing as an authoritative figure or representative—might just motivate them to take action.

If we are resourceful, we could utilize both. Maybe John Q. Public had a recent picture on his Facebook with a laptop in the background and the caption, “Just hanging at home on my day off.” If we can tell that the laptop has an integrated webcam, we could just as easily reach out to John Q. claiming that we have footage of him doing “certain things” as he used the laptop, threatening to release the footage to all his contacts—personal and professional—if he does not provide us with the information we want.

What Your Team Needs to Do to Avoid Social Engineering

Stepping back out of the role of attacker, it should be clear how important it is that your team is able to spot the hallmarks of such attacks, like:

  • Messaging and tone that incites fear or makes a threat
  • Links that were not requested and do not match their apparent destination when you hover over them
  • Close-but-not-quite email addresses and domain names
  • Malicious email attachments

Furthermore, it never hurts to confirm any suspect communications through another means. For instance, if you get an email that seems to come from your boss that makes an odd request, do not hesitate to give them a quick call or pop by their office to confirm it is legitimate. I promise, they will be happier that you checked—it shows you were cognizant of the threat of social engineering.

Lean On Us to Prepare Your Team to Deal with Threats!

LinkTech is here to help your team prepare themselves to be the security asset they should be for your business. Find out what we offer by calling (605) 644-7360.
