Social Engineering and Phishing Attacks

What is a social engineering attack?

A social engineering attack is one where an attacker uses some form of social interaction to obtain or compromise information about an individual or an organisation. Using fake details, the attacker claims to be a legitimate contact while seeking to obtain sufficient information to launch an attack against the information systems. They may also gather information from other sources within the same organisation in order to piece together a credible story.

What is a phishing attack?

One particularly common form of social engineering is ‘phishing’. This type of attack uses either email or malicious websites to obtain personal information, such as login credentials, from a victim. That information is then used to launch an attack on the information systems.

How do I protect myself from falling victim?

  • Be suspicious of unsolicited communications.
  • Do not provide personal information unless you have confirmed the identity of the person you are communicating with.
  • Do not rely on links sent in email; conduct your own search for the same link.
  • Check a website’s security.
  • Pay attention to the Uniform Resource Locator (URL) of a website for obvious misspellings.
  • Use anti-virus software, firewalls and email filters to reduce this traffic.
  • Take advantage of any anti-phishing features offered by your web browser.

What should I do if I think I have been tricked?

  • Report it to the appropriate people within your organisation.
  • If you have provided your banking login details, contact your bank and watch for any unexplained charges to your account.
  • Change any passwords you might have revealed.
  • Watch for other signs of identity theft.