Most small business owners have been there.
Someone reaches out with a false sense of familiarity. Their email address may look official or professional. You might even feel at ease—after all, you’re dealing with a person. Human-to-human contact is a good thing, right?
Yet not all interactions are created equal. Social engineering is commonplace, and in order to protect your business, you need to recognize the signs.
What Is Social Engineering?
Social engineering involves manipulating or deceiving someone in order to gain control over their digital systems. A hacker might rely on phone calls, emails, or even direct contact to access your devices.
Phishing and CEO fraud are two examples of social engineering. As we discussed in a previous post, phishing involves sending messages that purport to come from a legitimate company. The idea is to get you to share your personal information—think passwords, social security numbers, and credit card details—or to install malware.
Similarly, CEO fraud is the act of posing as an executive in order to gain the same illicit access to your private information. We’ll review the many different types of social engineering attacks in next week’s post.
Signs You’re Dealing with a Bad Actor
There are a number of common tells you’re dealing with a bad actor. Speak with your staff and stay on the lookout for the following:
Requests for passwords or payment info.
Never share your information by clicking a link in an email. Always type the business’s URL directly into your browser.
An unsettling tone.
Tonally, you may get a sense that something is “off.” Extreme familiarity—or an unsettling formality—could point to a phishing attack.
Poor grammar and typos.
Many bad actors operate offshore. If you notice lots of typos or grammatical errors in an email, proceed with caution.
A strange sense of urgency.
Social engineers want people to act immediately in order to keep or restore their accounts. Remember that nothing is that urgent.
Strange email addresses and domain names.
Did you get a late payment notice from your local “Chervolet” dealership? How about an email from an “@welsfargo.com” address?
Note the misspellings, and write these communications off as phishing attempts. If you think you’re dealing with a bad actor, don’t hesitate to report the suspicious message you’ve received. Protect your business, and encourage your colleagues to do the same thing.
Book Your Free Consultation with Umbrella Security Services
Do you have questions about our security services?
Are you interested in developing a custom security solution for your home or business?
Please contact us for more information on what Umbrella Security Services can do for you.