Social engineering techniques that work on employees are often quite simple and easily overlooked, but can bring a company down to its knees if employees are not well prepared to avoid their pitfalls. Make sure your employees are well prepared for a social engineering attack by making them aware of these common tricks used by social engineers to gain access to your company’s network. Continue this effort by keeping up to date on the latest social engineering attacks and making your employees aware of them so they may be on guard against such manipulations and keep your company’s network and data safe from malicious access.

  1. One of the most surprisingly easy ways social engineers will use to gain access to a company’s network is by tricking employees into enabling macros in their copies of Microsoft Office, usually via fake dialogue boxes that appear in Microsoft documents encouraging employees to enable macros in able to properly view the whole document which has been created in a more recent version of Microsoft Office. These dialogues are often disguised to appear as official messages from Microsoft, to help convince employees to follow their directions. Once macros are enabled, the document will upload malware to infect the user’s machine. It is vital that your employees understand that macros are to never be turned on in any Microsoft Office product under any circumstances if they are to keep their work machine safe from malicious malware uploads such as this.
  2. Catfishing, a method known in the online dating world as posing as a potential love partner with a fake profile, has made an interesting tool utilized by hackers to blackmail employees into giving up sensitive and confidential company data. These encounters may not only happen online but also in person at bars and social gatherings. Once the catfish has obtained personal compromising data from the employee, they will use it to blackmail the employee into releasing confidential and sensitive company data such as passwords. Teach your employees to steer clear of whirlwind relationships, and resist the urge to share personal photos or videos that can be later used as incriminating data in a blackmail attempt.
  3. Similar to catfishing, affinity bonding utilizes common interests with employees to form a trusted friendship, in which the social engineer will then slowly start asking for favors and asking for information, innocent at first, and then slowly working their way up to asking for more sensitive information as trust is formed and deepened. Eventually, this will turn to a blackmail attempt, just as is done with catfishing.
  4. Social engineers may also pose as recruiters to gain enough information about an employee’s company to know who to target in future social engineering attempts to gain sensitive company intelligence. Again, the social engineer may also threaten the employee to gain intelligence, telling them that they have gained enough information about them to get them fired should they go to that employee’s boss.
  5. A more clever technique that social engineers may employ in order to gain access to company secrets is posing as an old intern. Utilized efficiently, a social engineer posing as an older but wiser intern can commit industrial espionage, gaining access to almost all aspects of a business from the inside.
  6. A more surprising method that social engineers may employ is creating bot networks consisting of employees friends and families PCs via malicious malware attacks. Combined together, these bot networks can encircle employees to gain all kind of sensitive intel about them to assist in future social engineering attacks.

While some of these social engineering stunts can be stopped cold through smart information security policies, the best policy always will be keeping your employees aware of how social engineers work and training them to be smart in the way they handle their social and business relationships to become social engineering proof. Employees that stay alert to manipulation attempts and are careful to keep company information (even the most innocent information) out of their personal lives and relationships will go far in protecting their company from ever falling victim to a social engineer’s dirty tricks. Make sure that part of your company’s security policy is educating employees on how to protect company data, and you will never have much to worry about in regards to your company’s data becoming vulnerable via offline methods like social engineering.

Source: CSO

Share This