Cyber Security Month 2023 - Cyber and Fraud Centre

The 2023 European Cybersecurity Month takes place throughout October. The month is dedicated to raising awareness about the ever-evolving landscape of cyber security threats. The initiative serves as a platform for promoting cyber security through education and discussion across Europe. In a digital age where our lives are increasingly intertwined with technology, safeguarding against cyber threats is more crucial than ever. This year’s strategy, #BeSmarterthanahacker will examine the world of Social Engineering, a growing phenomenon amongst cyber criminals and one of the biggest threats to cyber security today.

Social Engineering refers to clever manipulation tactics cybercriminals use to breach security defences, usually through psychological tactics appointed to exploit human weaknesses and gain unauthorised access to systems or personal data. The campaign will encourage users to stay aware and alert to things such as phishing emails, impersonation scams, phone scams, fake websites, and reciprocation techniques; all of which help increase vigilance towards cyber hacks and protect users from potential scams.

In this blog, we’ll explain what social engineering is, provide examples of common tactics, and share tips on how to boost your defences against this threat.

Some examples of social engineering include:

Phishing emails trying to trick users into entering usernames/passwords or downloading malware.
Phone calls impersonating IT staff and requesting access to computers or accounts.
Fake websites offering free downloads or prizes in exchange for personal data.
Strangers shoulder surfing to spy on passwords or other sensitive information.
Social engineers often spend time researching targets beforehand, gathering useful bits of information about you from social media sites. This background research helps them win trust or appear legitimate.

Common Social Engineering Tactics

There are a few approaches social engineers frequently use to dupe their targets:

Impersonation: Pretending to be a trusted entity like an IT helpdesk, executive, police officer or vendor.
Sense of urgency: Creating a false crisis that prompts hasty action.
Reciprocation: Encouraging targets to return a favour or help a person in need.
Diffusion of responsibility: Making targets hand over duties to others against protocol
Social proof: Citing authority or endorsement by others to establish legitimacy.

How to Guard Against Social Engineering

The most effective defence against social engineering is training employees to recognise and report suspicious activity. Here are some key strategies:

Verify requests for information by contacting the person directly – don’t use contact info provided.
Avoid clicking links or opening attachments in unsolicited emails.
Don’t disclose personal or company data over the phone unless you initiated contact.
Reset passwords immediately if you suspect credentials have been phished.
Report any odd communications purportedly from co-workers or leadership.
Keep sensitive documents locked up and shred unneeded papers.
Destroy old hard drives and electronics to prevent dumpster diving.

With the right mix of security awareness training and technical controls like email authentication, organisations can shut the door on social engineering threats. Employees are the last line of defence, so equip them to fend off attacks.

Stay vigilant against the creative schemes of social engineers. Learn to identify manipulation tactics and verify requests before handing over valuable data or access. Following cyber safe practices will keep your organisation safe.

04.10.23