Results

Columbia Banking System Inc.

10/27/2021 | Press release | Distributed by Public on 10/27/2021 10:45

Protect Your Business from Common Social Engineering Tactics

A new fraud tactic by bad actors can mimic routine communications and guide businesspeople toward decisions that are decidedly not in their best interests and can unfortunately lead to devastating consequences.

These criminal actions, known to cyber security experts as "social engineering," are designed to manipulate an unsuspecting person, persons, or an entire organization into divulging sensitive information through digital communications, rendering a business vulnerable to fraud or theft.

A recent studyby a cybersecurity firm stated that the average business could expect to see around 700 social engineering attacks annually.

In some ways, bad actors have borrowed the face-to-face tactics of old-fashioned conmen and applied them to the digital age. Criminals use social engineering by:

  • Learning as much as they can about their target
  • Impersonating a trusted source to bypass scrutiny
  • Convincing a target to give up information by playing on emotion or a sense of urgency
  • Committing their fraud and disengaging quickly to avoid detection

Here's an illustration of social engineering that has become all too familiar to many businesses who've fallen victim to fraud.

Someone at the office receives an email from the CEO that looks very legitimate, including from the correct email address. The message says that the boss desperately needs some critical client information for an important meeting offsite that starts in less than an hour. It also says, in all caps for emphasis, "IF YOU DON'T SEND OVER THE SENSITIVE INFORMATION IMMEDIATELY, THE COMPANY WILL LOSE THE ACCOUNT!" In this instance, the employee, desperately trying to do the right thing for the CEO, sends the information without a second thought. Unfortunately, within days, your company's number one client experiences a huge data breach, and they are demanding answers. Of course, the real CEO never sent the initial email, and now everyone is frantically trying to find out what happened.

In order to avoid this potential disaster, companies should educate every employee about basic steps to protect against social engineering attacks.

The first step is simply teaching your team that social engineering exists. Once everyone knows about the threat, their sense of awareness is naturally elevated.

Secondly, reward skepticism. Educate your employees that questioning unusual or strange email requests should always be their default action. In the above example, it would have been prudent for the employee to take a minute and think about the message, especially if the CEO rarely, if ever, sends them direct emails. A quick call to their supervisor or the CEO's assistant to ask if the message is legitimate could have stopped the fraud cold.

Thirdly, encourage your team to adhere to basic digital security maintenance and habits:

  • Never download files when you aren't sure of the source
  • Never accept unsolicited offers
  • Delete requests for personal information
  • Always comply with your company's policy on spam filters
  • Secure your computer when not in use
  • Contact IT or your supervisor if you see ANYTHING that looks suspicious

Everyone in business is working hard to make their company successful. Unfortunately, criminals are working hard as well. Don't let these offenders use social engineering to upend your success.