Schaefer Marketing Solutions: We Help Businesses {grow}

How to keep yourself safe from social engineering attacks

social engineering

By Kiki Schirr, {grow} Contributing Columnist

Your Facebook “About” page says where you were born. LinkedIn states where you work. Your Twitter profile reveals your collegiate team. And that old OKCupid profile you forgot to delete–well, you were a little too open, perhaps.

There’s likely a ton of data about you online, especially if you’re crafting a big social media presence. Being found is great in business, but are you sharing too much private information?

Today I’ll examine the nefarious practice of social engineering and what you can do to combat it.

Keeping yourself safe from social engineering

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.

Let’s start with the basics. What private information is already out there that could be clues for hackers? In order to fully protect your privacy, you should know what you should be guarding. At the least, protect:

If you have a child, or other special considerations, keep even more information secure.

Common types of information-gathering attacks

You might have heard that your “hacker name” is the name of your first pet followed by the your mother’s maiden name. Don’t post the results online, because that quiz is a common social engineering attack. Both pieces of information are common answers to identity-proving questions.

There are plenty of other social engineering tactics. You might be familiar with phishing attacks — those are the emails you receive daily in your spam folder, from businesses that look real, asking you to verify private information. A good rule of thumb to combat these attacks is to NEVER click a link in an email, even from your mother. Just type in the root of the URL and search for the content she sent.

Other attacks are more straightforward. They might reward you with some small prize like a song download in exchange for some private information. Both the information you willingly grant them, and the download itself could be malicious.

Also be wary of people offering to fix issues for you. If someone says they can stop the deluge of spam emails your business is getting, it’s quite likely that they are directing the emails in the first place. It’s modern-day protection money.

Tools and tips to protect your private information

Anytime you transfer information via the Internet there’s an opportunity for that conversation to be overheard. Try to only send personal information over websites whose URL begins with “https.”

Also be aware that you don’t necessarily need to hit the send button for a website to read what you’re typing into a form. In 2013, people became aware that Facebook was saving what they’d typed (and deleted!) on the site.

To protect your email, have several accounts and use each one for a purpose. Have a work email, a consulting email, an email for spam, and one for personal contacts. When you don’t trust a site, use your spam email, or create a burner email through tools like Throttle.

If a site or someone that you don’t trusts asks for your phone number, consider using an alternate phone number, such as a Google Voice account, or phone number apps like Ring4.

In the same manner, if someone wants to mail you something, use a post office box.

Never sign in to your bank accounts or give people your information when you’re using a public wifi hotspot. Wait until you get home or on to your company’s secured network.

Best practices for protecting private information

I hope these tips are useful to you. Have fun on the web, but be careful out there!

Kiki Schirr is a freelance marketer. She is currently building a video platform called WeKiki and draws Tech Doodles. Kiki can be reached easily through Twitter.

Comments
Exit mobile version