“Social engineering” refers to different tactics used by perpetrators to trick, deceive, and manipulate people into giving out information for the purpose of gaining access to computer systems and sensitive company data.
Social engineering attacks are divided into two main categories:
Common social engineering tactics include:
Messages from “co-workers”
When a hacker gains access to a company’s user accounts, he or she can send messages out to other employees, posing as a fellow employee. In general, these messages contain only a link or a document that needs to be downloaded. If you receive an email or message that looks suspicious, it’s better to double-check with the sender before accessing the link or downloading the document.
Spear phishing attacks
A phishing attack occurs when a phisher sends emails or messages that appear to come from a legitimate organization, such as a bank or a company that you do business with. Most spear phishing emails and messages state that there’s some kind of problem and require employees to verify security information by clicking on a link or providing specific data, such as personal information, passwords, or access details. After obtaining the information required, the hacker is able to access the company’s information system by using a legitimate login.
Vishing
Vishing is another type of social engineering attack. Sometimes, cyber criminals call up different organizations and pretend to be representatives from other companies, auditors, or team members who have lost their passwords. Then they require employees to give them login details to internal servers, so they can access company accounts. Both phishing and vishing can give hackers the information they need to impersonate staff members, access confidential information, and even arrange fraudulent payments.
Dumpster diving
This form of social engineering involves searching through a company’s trash for information that can be used to access its database. Unfortunately, many companies discard documents and electronic devices that contain sensitive information, making this worth the dive through their trash.
Tailgating
This is another common tactic social engineers use in order to physically get inside facilities. Assuming that a person is a co-worker who doesn’t have his access card on him, a real employee may allow him to enter the facility without question.
For years, social engineering has been a successful way for perpetrators to get inside computer systems and organizations.
Here are a few tips on how you can reduce the risk of social engineering attack schemes.
Social engineering attacks can be more complex, dangerous, and harmful than a simple data breach. While user education is the best defense against these attacks, comprehensive cyber liability coverage is particularly critical for protection against social engineering-related claims.
Currently, cyber liability coverage isn’t automatically added to unendorsed general liability policies. As well, cyber liability policies can be subject to sublimits and exclude certain risks. To make sure that your policy provides a reasonable level of protection, it’s best to contact our experienced insurance specialists who will review your current policy and determine if you have adequate cyber liability coverage for specific threats.