This is the Security Tip: Identify Social Engineering email that is used within the PhishingBox security awareness training. These security tips can be used to provide ongoing security reminders to employees.
What You'll Learn Today:How to Identify a Social Engineering Attack
A social engineering attack is when someone is manipulated into perform a specific action. Social engineering attacks are either in person, over the phone, or electronic, such as email or other messaging systems. No matter what method is performed, there are some key similarities.
Do you know the signs?
There is a request for non-public information or to perform an action of some sort, such as sending money, or downloading software.
Any event that results in damage, corruption, misuse, or unauthorized exposure of confidential data, whether the event was deliberate or not.
There is a request for non-public information or to perform an action of some sort, such as sending money, or downloading software.
Any event that results in damage, corruption, misuse, or unauthorized exposure of confidential data, whether the event was deliberate or not.
There is often a sense of urgency. That is, you must do this now or there will be repercussions, such as lost data.
There is often a significant reward for acting, such as financial gain or avoiding computer damage.
There is often a sense of urgency. That is, you must do this now or there will be repercussions, such as lost data.
There is often a significant reward for acting, such as financial gain or avoiding computer damage.
DO NOT reply or provide any non-public information or perform any actions unless the request has been valid.
If you think you are receiving a request that may be part of a social engineering attack, contract your security department so they can take appropriate actions.