Social Engineering and Phishing: Targeting your workplace

December 16, 2013

In the Get Cyber Safe blog we often write about keeping Canadians safe when using the Internet in their homes and on their mobile devices. But online threats also target Canadians in their places of work.

Cyber criminals, intent on stealing confidential information and circumventing security on corporate networks, design their attacks to trick unsuspecting workers.

Criminals will send unsolicited emails (known as the “bait”) to random workers in an attempt to scam the user into surrendering private information. This information will then be used for identity theft or to help convince your co-workers that the sender is legitimate. While most people will ignore the “bait”, others will bite and thus allow the cyber criminals to perpetrate their schemes. This is called “Phishing” and you need to be aware of it.

Sometimes Phishing is combined with Social Engineering, where brazen cyber criminals go one step further and contact users by email, telephone (or occasionally even in person) in an effort to convince them to give up valuable information. Cyber criminals research their victim's social media profiles so they can tailor the attacks by including information about the victim or people the victim may know. This makes the attacker's requests seem more genuine, especially when it appears they are familiar with the victim's business.

Knowing the risks of these attacks will help you defend against cyber criminals who try to trick you into putting your organization's network at risk. Here are a few things to consider:

  1. Check links in email by moving your mouse over links and verifying the addresses. If the address doesn't match the website or company you are expecting, don't click the link and report the email to your helpdesk.
  2. Don't blindly follow instructions from people in email, on the phone or 'technicians' who happen to stop by your desk. Ask yourself, “Is this a legitimate request?” and “Does this person need the information they are requesting?” Help technicians do not need your password to do their work – so don't get tricked into helping the cyber criminals.
  3. Beware of threats – if an email is threatening to suspend your account or states that your system has been compromised, it may be another example of the same kinds of tricks. Don't fall for fake 'alerts'.
  4. Most importantly, if you think that you may have been a victim of a Phishing or Social Engineering attack, report it to your corporate security or helpdesk teams.

Following good cyber security practices will help shut down cyber criminals and make your corporate network as safe as possible. You can also read more on the Phishing pages of Get Cyber Safe, and by following us on Twitter @GetCyberSafe.
