Guide to Preventing Social Engineering & Phishing Attacks

Social Engineering and Phishing Attacks are common forms of cyber-attack, usually by call, text or email to gain private information, access, or valuables.

Scammers can exploit human error, which can be challenging to avoid when using unfamiliar technology or speaking to someone who appears to have the correct credentials.

These attacks are not just limited to the digital world. They can happen in any situation where someone is trying to obtain sensitive information from another person.

In 2021, there were 286,607 reported scams to Scam Watch Australia, with an estimated $323 million in losses! 

Phishing is one of the most common cybercrimes. It refers to any digital contact (call, text or email) posing as a legitimate institution to lure individuals into providing sensitive data such as passwords or banking details.

Social engineering isn’t new. However, it has become more sophisticated with technology. For example, many false emails are sent claiming there is “worrying activity on your account”. The links in the email go to a near identical website asking for personal information.

Sadly, those tricked by these phishing attacks will have just handed their data to hackers on a silver platter.

Think You Can Outsmart Social Engineering Attacks?

Think again. 

We’ve all laughed at the “Nigerian Prince” who wants to send us his fortune. Who could fall for something so obvious? 

What you might not realise, these emails give you a false sense of security into thinking you can detect scammers. Meaning you’re less likely to spot a more sophisticated social engineering attack.

A study by Intel revealed that a whopping 97% of people could not distinguish legitimate emails from phishing scams. How many of those people thought they were too smart to be fooled?

With the false sense of security from generic scams, we overlook the highly personalised cons tailored to the individual. Usually armed with prior information from you from social media, public records and other hacks, they’re able to craft far more believable scams.

Watch Out For Spear Phishing

Phishing attacks are generic email scams sent to billions of people leading to a false website.

Spear Phishing, on the other hand, is highly personalised. The scammer has information about you and will try and craft a believable story based on that information. Ever seen this one:

Say your colleague has gone on holiday. You know they’re away because you saw him check into the airport on Facebook. A few days later, he sends you an email:  

“My phone, wallet and passport have been stolen”. Could you wire some money using this link? BEWARE: this is a prevalent spear phishing scam.

After you pal publicly checked into Facebook. A scammer need only do a little research to connect with you and send you a convincing sob story.

How to avoid Social Engineering and Phishing Attacks

It’s not all doom and gloom. If you want to avoid social engineering and phishing attacks, here are tips for avoiding being scammed:

1. Check the sender’s address and make sure it aligns with the person/ organisation you know.
2. Only click links from known/ trusted senders. 
3. Always login directly to company websites (not from email links).
4. Never open an attachment unless you are expecting it. 
5. Understand that a reputable company or organisation will never use an email to request personal information. 
6. Use strong passwords. Keep them secure. Don’t use the same password on multiple accounts. Change your passwords annually. 
7. Avoid giving out your email address.
8. Enter your email address at haveibeenpwned.com regularly. They analyse if your email has been part of any significant data breaches. 
9. If unsure about an email, report the message as ‘spam’ to your service provider, and delete it! 
10. Check for spelling, grammar and syntax. Most malware, phishing scams or spam originate from foreign countries, so that they may contain spelling errors. 
11. Make sure your firm regularly reviews its cyber security cyber security policies. If it does not have one, implement one immediately.

The level of sophistication and personalisation used by scammers is almost impressive if it weren’t such an inconvenience to businesses. No matter how prepared and educated you and your employees are it’s important to safeguard your business against potential losses from social engineering and phishing attacks.