October 19, 2023

Be Extra Vigilant with Confidential Information

As the war between Israel and Hamas continues, hackers are becoming involved, spreading misinformation and attempting to hack Israeli and Jewish targets. The information you have access to is more valuable than ever to criminals and bad actors. Therefore, it is crucial that we are all vigilant when handling confidential information. Below is a summary of what social engineering means, the most common social engineering attacks, and some helpful tips on how you can keep sensitive information safe.

What Is Social Engineering?
Social engineering is a manipulation technique that exploits human behavior and error to gain access to sensitive or confidential information. It uses deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. It’s sometimes referred to as “human hacking.”

How Does Social Engineering Work?
Social engineering works by building false trust, exploiting human error, and using persuasion to gain access to sensitive or confidential information. It can take many forms, but they all generally work the same way. The process usually involves preparation, infiltration, exploitation, and disengagement.

Most Common Social Engineering Attacks:

  • Phishing and Spear Phishing: Use of malicious emails and text messages
  • Baiting: Promises of a reward for providing sensitive/confidential information
  • Malware: The installation of malicious software onto your device
  • Pretexting: Impersonation of your bank, credit card company, payroll provider, etc. by a bad actor
  • Quid Pro Quo: Impersonation of IT support staff to gain access to your device or work accounts
  • Tailgating: Exploiting someone's misguided sense of courtesy to gain access to a secure area
  • Vishing: Urgent voicemails convincing you to act fast to avoid a dire consequence

How Can You Protect Yourself?

  1. Be suspicious of unsolicited messages: Always be wary of unsolicited contact from individuals seeking internal organizational data or personal information.
  2. Don’t share personal information: Do not provide personal information or passwords over email or on the phone.
  3. Use multifactor authentication: This adds an extra layer of security by requiring multiple forms of verification.
  4. Don’t open emails or attachments from unknown sources: Be cautious about opening emails and attachments from people you don’t know.
  5. Physical security: If you see something, say something. Be on the lookout for people who do not belong in your workplace.

Remember, the best defense against social engineering is awareness and vigilance.