Skip to main content

Don’t fall for social engineering

If you’ve ever had a scam call from someone impersonating a representative from your bank, IT company, or any organisation, then you’ve probably experienced social engineering. Social engineering is a feature of a huge majority of phishing scams, fake calls and cyber-attacks; but what is it, and how can you avoid falling for it?

What is social engineering?

Social engineering is a psychological technique employed by phishers, scammers and hackers. It’s the idea that you use a victim’s natural emotions and responses against them in order to manipulate them into doing something, or giving you something.

Social engineering will often be used alongside a fake phone call, a phishing email or another kind of cyber-attack by tricking you into downloading a virus, transferring money, communicating personal data or login details, or access to internal systems or even premises.

What are some examples of social engineering?

Social engineering plays on our ability to respond to something in the moment, and to act before we’ve thought something through. In the case of a phishing email, social engineering is often about giving you a reason to be concerned; for example, informing you that you’ve missed a delivery, or someone has access to your bank account. The natural response to this is to act quickly, which is just what the phisher wants.

In regard to voice phishing, or vishing as it is sometimes known, social engineering may be used to convince you that the person on the other end of the phone call is legitimate. This could be done by asking you some security questions, to make you feel like you need to prove your authenticity to the caller. This also shifts the focus away from thinking about the authenticity of the caller themselves.

Using your info against you

One common social engineering technique is for the scammer to use your information to gain your trust. This might be using information found on social media to prove to you that they know your date of birth, or mother’s maiden name. In businesses, this might be using information found on the company website to suggest that they are legitimate, like dropping names of other staff members, or even the office dog.

‘Can you hold the door?’

Tailgating is another common social engineering tactic. This is where a person attempting to access your premises or systems illegitimately follows a staff member into a building or office. An individual might accomplish this by intentionally having their hands full, so that a well-meaning staff member opens the door for them. They might also use something like a high vis jacket to imply to staff that they’re visiting to fix something.

Baiting

Baiting, sometimes known as a USB drop, is a social engineering technique where a hacker looking to gain access to your systems intentionally drops a USB drive in or around the business. A victim of baiting will pick up the USB drive, and wanting to find out who it belongs to, plugs it into their laptop. However, the USB drive will automatically install malware to the device, allowing the hacker access to a business’ systems.

How can you avoid social engineering?

Social engineering is very difficult to avoid, because of the way that it plays on our natural responses to situations. However, there are precautions that you can take to avoid becoming a victim of these kinds of attacks.

  • Don’t allow individuals access to premises without ID

  • Don’t plug unknown drives and devices into your machine

  • Don’t give information to cold callers - find the number for the business they claim to represent, and ring them back on a different phone

  • Don’t click links or download attachments in unexpected emails

Social engineering is designed to get you to do something without thinking it through; the way to avoid it is to slow down, and think before you act. This will help keep you, and your company safe.

Tweet us @TranscenditUK

Photo from Unsplash


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
The help and support we receive from Transcendit is outstanding Wyre Council

Based on 9656 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 22-April-2021

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Living Wage employer