In 2018 we wrote an article on the rise of social engineering. With the rapid rise of online scams during COVID-19, however, we think that now might be a good time for an update!
In a nutshell, social engineering is a form of deceit to get control over your computer system or to trick you into divulging personal information.
Common types include pretexting (inventing scenarios to get you to act), baiting, phishing emails, honeytraps and more.
Targeted email scams, or ‘spear phishing’, are one of the most common types. According to IT security specialists KnowBe4, 77% of social engineering attacks start with a phishing email.
The problem with these types of emails is that they can look so genuine. This is because the sender usually already has some detailed knowledge of the recipient and so knows just how to target them.
You may also have heard that phishing emails usually contain a suspicious link or attachment. However, KnowBe4 says that 60% of spoofed emails don’t include either of these. Instead, they rely on a direct response from the receiver.
It’s important to know the signs of a phishing email. You should also train your staff members in recognising scam emails and in how to respond. Read about some of the telltale signs below.
Email scam ‘Red Flags’ to look out for
- A hyperlink that points to another website when you hover over it with your mouse.
- You are being encouraged to open an attachment to avoid bad consequences or to get a reward.
- The email address of the sender looks unfamiliar.
- The domain name looks suspicious or unusual.
- You don’t know the sender and have no idea why they would be emailing you.
- The email looks like an internal email but also looks unusual or unfamiliar.
- It was sent to an unusual mix of recipients.
- It was sent outside of business hours.
- The subject line does not match the content.
- It claims to be a reply to an email from you but you’ve no idea why.
- It has poor spelling or grammar.
If you come across any emails showing these ‘red flags’, it’s important to not respond, and especially to avoid clicking on any links or opening attachments! In general, the overall message is – if in doubt, bin it!
You can view a full list of KnowBe4’s Social Engineering ‘Red Flags’ here.
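Several of the red flags above can be checked automatically before a message ever reaches an inbox. The script below is an added example written for this article, not KnowBe4’s or anyone else’s tool; it scores a message against four of the flags (a link whose visible text names a different site than it points to, an unfamiliar sender domain, a message sent outside business hours, and a ‘Re:’ subject with no earlier message referenced). The organisation’s domain, the business-hours window and the sample email are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

KNOWN_DOMAINS = {"example.org"}  # assumption: domains the organisation expects mail from
BUSINESS_HOURS = range(8, 18)    # assumption: 08:00-17:59 on a weekday is "business hours"
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
# Simple anchor matcher; enough for the constructed sample below (a production
# filter would use html.parser rather than a regex over arbitrary HTML).
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def red_flags(raw_email):
    """Return the red flags from the list above that the message triggers."""
    msg = message_from_string(raw_email)
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain not in KNOWN_DOMAINS:
        flags.append("unfamiliar sender domain: " + sender_domain)
    sent = parsedate_to_datetime(msg["Date"])
    if sent.weekday() >= 5 or sent.hour not in BUSINESS_HOURS:
        flags.append("sent outside business hours")
    if msg.get("Subject", "").lower().startswith("re:") and not msg.get("In-Reply-To"):
        flags.append("claims to be a reply but references no earlier message")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    for href, text in ANCHOR.findall(body):
        text = text.strip()
        if not LOOKS_LIKE_URL.match(text):
            continue  # "click here" style text gives nothing to compare with
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        actual = urlparse(href).hostname
        if shown != actual:
            flags.append(f"link text shows {shown} but points to {actual}")
    return flags

# Constructed sample (not a real scam): every header, address and link is made up.
SAMPLE = """\
From: Payroll <payroll@examp1e-payroll.com>
Subject: Re: Updated bank details
Date: Sat, 14 Nov 2020 23:12:00 +0000
Content-Type: text/html; charset="utf-8"

<p>Confirm your details at <a href="http://examp1e-payroll.com/login">https://portal.example.org</a></p>
"""

if __name__ == "__main__":
    print(*red_flags(SAMPLE), sep="\n")
```

Run against the sample, the script reports all four flags; a check like this supports staff training rather than replacing it, since the remaining flags on the list (an unusual mix of recipients, a subject that does not match the content) still need a human eye.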
There are a few ways to reduce the risk. Here’s how.
- Train workers on the signs of scam emails.
- Only use secure email gateways.
- Use multi-factor authentication for financial transactions or for accessing sensitive information.
- Regularly review your security policies and procedures and your firewall configurations.
Risk training and insurance for your organisation
It’s also important to have adequate cyber insurance to cover you in case of losses due to online scams and social engineering. Contact us if you would like more information on this or on church insurance, not for profit insurance, or church liability insurance. Alternatively check out our insurance types page.
Written by Tess
Tags: data, pandemics, security