
Follow these tips and prevent social engineering attacks

Writer:
Regina El Ahmadieh

The Rimasauskas case is a classic example of a spear phishing scam. The attacker compromises or impersonates a trusted person and then "phishes" specific individuals. Unlike ordinary phishing, which relies on the "spray and pray" method, spear phishing is considered very convincing. The attacker may impersonate a person with whom the target communicates regularly, using an almost identical email address with a very subtle change in the domain name. For example, trust.person@companyname.com becomes trust.person@company-name.com.

Unfortunately, some people, even those who work at the world's most powerful technology companies, do not notice such small changes in names and addresses. This may be because they are distracted or stressed, or because the fake email is highly persuasive.

Deepfakes are an emerging threat that could soon become widespread: 74% of IT leaders believe deepfakes threaten the security of their organizations and employees. Adopting the following steps can help protect your business from this new form of fraud.

  • Verify phone orders through another medium, such as email or SMS. This out-of-band verification (often loosely described as two-factor authentication, 2FA) is a security step that should be applied across all channels.
  • If the caller insists that the request is urgent, verify their identity in another way, such as asking for specific details about the office or an event you both attended. Urgency is itself a warning sign.
  • Work closely with your IT department to record all suspicious activity and security incidents.

How to prevent CEO fraud

Fraud that relies on impersonating a CEO is one of the most successful social engineering attacks. Imagine you are working late in the office one day and receive an email from the CEO, asking you to make some last-minute adjustments to a particular invoice. The tone is urgent, the email seems genuine, and you have a chance to please the boss, so why not go ahead and do what is asked?

This scam is a common form of business email compromise (BEC) that relies on impersonation: scammers send emails using your CEO's name or a nearly indistinguishable email address, or they compromise the CEO's actual email account.
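
The lookalike-address and display-name tricks described above can be caught mechanically before a human ever has to spot them. The following is an added example, not code from the article: it takes an inbound From header, normalizes the sender domain so trivial substitutions (hyphens, digit-for-letter swaps, "rn" for "m") collapse, compares it against a trusted domain by edit distance, and separately flags mail whose display name claims to be an executive but arrives from an outside domain. The company domain companyname.com is the article's example; the executive name "Jane Doe" and the confusable-character table are hypothetical and illustrative. A real mail gateway would combine these heuristics with sender authentication results rather than rely on them alone.

```python
"""Added example: flag inbound senders that impersonate a trusted domain or executive."""
import unicodedata
from email.utils import parseaddr

# Constructed sample configuration: the article's example domain plus a hypothetical executive.
TRUSTED_DOMAINS = {"companyname.com"}
EXECUTIVES = {"jane doe"}  # display names attackers tend to borrow, lowercased

# Illustrative subset of characters visually confusable with ASCII letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
MULTI_CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalize_domain(domain: str) -> str:
    """Canonicalize a domain so common substitutions collapse onto the genuine spelling."""
    d = unicodedata.normalize("NFKC", domain).lower()  # folds e.g. fullwidth letters to ASCII
    d = d.translate(CONFUSABLES)
    for pair, repl in MULTI_CONFUSABLES:
        d = d.replace(pair, repl)
    return d.replace("-", "")  # company-name.com -> companyname.com


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; domains are short, so the full table is cheap."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike-domain', 'executive-impersonation', 'external' or 'malformed'."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return "malformed"
    domain = address.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    norm = normalize_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        t_norm = normalize_domain(trusted)
        # Tolerate fewer edits for short domains, or legitimate neighbours get flagged.
        max_edits = 1 if len(t_norm) < 10 else 2
        if norm == t_norm or levenshtein(norm, t_norm) <= max_edits:
            return "lookalike-domain"
    # The name of an executive on mail from an outside domain is the classic CEO-fraud pattern.
    if unicodedata.normalize("NFKC", display_name).lower().strip() in EXECUTIVES:
        return "executive-impersonation"
    return "external"


if __name__ == "__main__":
    # Constructed sample From headers, not real messages.
    for header in (
        "Trusted Person <trust.person@companyname.com>",
        "Trusted Person <trust.person@company-name.com>",
        "Jane Doe <jane.doe@companynarne.com>",
        "Jane Doe <ceo.urgent@gmail.com>",
        "Vendor Billing <ap@acme-supplies.example>",
    ):
        print(f"{classify_sender(header):24} {header}")
```

The normalization step is what makes the article's example catchable: company-name.com and companyname.com are different strings but identical once hyphens are dropped, and the edit-distance fallback catches the one- or two-character typos that normalization misses. Anything classified as a lookalike or an executive impersonation should be quarantined or at least tagged with a visible warning banner before it reaches the recipient.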

Technical controls, such as email filtering that flags lookalike or external senders, combined with security awareness training, are the most important means of protecting executives and their staff from this fraud.

How to prevent whaling

When defending against whaling attacks, the same principles apply as when defending against targeted phishing and CEO fraud. In addition to ensuring that employees – including senior executives – are trained on how to spot impersonation attacks, you need to implement email security solutions to detect and prevent successful inbound attacks.

 

How to prevent phone phishing 

Phone phishing (vishing) attacks typically use Voice over Internet Protocol (VoIP) technology to spoof the caller's identity. Attackers can also use "war dialers" to contact many people in a short period.

Employee training is therefore key to protecting your business from phone phishing. Make sure employees understand what such a call might look like (the caller is pushy or offers unexpected benefits) and that they should never act on a request made during such a call; instead, they should hang up and call back on a number they already know.

How to prevent SMS phishing

“The Federal Trade Commission received 93,331 complaints about fraudulent text messages in 2018, 30% more than in 2017,” according to Consumer Reports.

 

SMS phishing (smishing) messages follow the same patterns as other social engineering attacks. Scam texts are usually urgent in tone, claiming that the target is in danger or has been the victim of credit card fraud, or that the target has won a prize or is owed a tax refund. Workplace security teams should ensure that employees treat text messages with the same care as emails.

The most important advice remains: never respond to a suspicious message, click links in SMS messages, or reveal personal or company information via SMS.

Even the largest companies have been deceived through social engineering. Companies must therefore give cybersecurity a prominent role, raise the knowledge and know-how of their employees, who are the first line of defense, and make security awareness campaigns an integral part of their security programs.
