Social Engineering As A Threat


Everyone laughs at the stories of individuals who fall victim to the scams, spam, and phishing schemes floating around the Internet. We ask ourselves how anyone can be so naïve as to let such a crime be perpetrated against them, right up until it happens to us. Then it comes as a huge shock, filled with surprise, indignation, and in many cases a passing around of blame, especially if it costs our companies a lot of money or puts them in a bad light.

No matter how many road blocks and security obstacles we put in the way, people, our employees, are the weakest chink in the armor. If people are not aware at all times, if ego gets in the way, if a level of apathy pervades the environment, nothing we do will stop a loss of personal and professional data. Ask yourself how many times you have resisted, or failed to resist, opening a web page or email that had nothing constructive to do with work. That is how easy it can be.

Putting a stop to social engineering is one of the responsibilities that come with quality information security training and a CISSP boot camp. Training locations such as K Alliance provide training and awareness of the many transgressions that should be avoided, along with other security topics such as business continuity, access control, environmental security, disaster recovery, telecommunications, network security and more.

To prove the point, a security firm performed an awareness test at another company that already had training and procedures in place before the testing. The firm used the company's letterhead stationery, composed a letter, and sent it through regular mail to one third of the staff, approximately twelve hundred employees. The letter explained that the sender was from corporate security and that they were upgrading the systems in the organization. The letter then continued with a lot of techno-jargon to bore the reader into losing focus and not understanding what was being stated. Then the letter hit the main point of its reason for existence. It told the reader that, given the importance of security, the contents of the letter should not be passed on in any format but regular mail, as that was the most secure form of communication. It then asked the reader for their personal information in order to update the system and accurately confirm the data, citing database problems and difficulties.

The letter continued, telling readers not to use fax machines or email to send the personal information, only the supplied self-addressed envelope, already provided with stamps. The return address was not the company address. The letter stated that this was done to keep individuals from intercepting the returned letter at the workplace, and that there was a secured, special post office box accessible only by the security department. The end result? Twenty-eight percent of the employees completed the letter and returned it. It is that simple to break protocols and compliance controls, giving away precious and critical information.

In another instance, the security firm tested an organization that had just completed security awareness training and certification, with a ninety-five percent passing rate. An email was delivered with alluring rewards of free items. Forty percent of the newly trained individuals responded to the email, proving that it takes an active stance and constant awareness by everyone. Individuals have to completely refuse to give out personal information.

Another popular phishing scam is the banking email. Someone receives an email from their bank, stating that some sort of recent transaction must be verified by the bank. Everything in the email appears to be correct, including the bank name, the impressive bank logo in shiny bright colors, even the address of the bank itself. The email's certificate may even look real and genuine. In any email, the key is to use the mouse cursor and hover over the links in the email. The link addresses themselves will appear in a tooltip or in the status bar. By reading the links you will be able to spot mistakes, such as a misspelled URL leading to a site that has nothing to do with your bank. This is common in many scam emails: words are spelled wrong, grammar is incorrect, and the reply address is in another country, such as China or Russia. This is a huge warning sign, screaming run fast, run far, and stay away. Your bank will never ask you to verify any information by email.

About Us: Next Generation Training specializes in a superior blended learning system that delivers quality instruction. IT certification training, online training courses, CBT training, and enterprise learning systems are only a few of the many methods Next Generation Training uses to instill confidence, knowledge, and increased IT skills, bringing you complete success. Moving up the ladder of advancement and better salaries comes with quality training, as information security training and project management training prepare you for the road ahead. Come to Next Generation Training and acquire solid training and top-notch value.