JOINT BASE LANGLEY-EUSTIS, Va —
When you think about cybersecurity, your first thoughts may go towards computers, installing antivirus, watching for suspicious emails, even physical security. However, in the broader scope of Information Assurance, social manipulation is a very large area of concern. Social Engineering is, in simple terms, a security threat in the form of cons and scams. By exploiting our deeply ingrained social behaviors, attackers can easily either gain access to our network systems or discover sensitive information.
Employee behavior plays a very significant role in the security posture of our organizations. It's our shared responsibility to be vigilant in guarding against all kinds of attacks, and social engineering is no different. In this bulletin, we will discuss a few of the more commonly used types of Social Engineering as well as ways to safeguard against them.
Social Engineering Strategies
Phishing: This is when an attacker uses fabricated correspondence to bait victims into divulging personal information or using a malicious hyperlink.
Pretexting: This is when an attacker impersonates a trusted entity in order to gather sensitive information.
Baiting: This is when an attacker leaves malware-infected devices (e.g., flash drives, CDs) in hopes that a victim uses the device on their computer.
Tailgating: This is when an attacker follows someone with authorization into a controlled access area.
Safeguarding Against Social Engineering
Report suspicious emails: All official emails should be digitally signed to verify the identity of the sender. Any emails received without digital signatures should be treated with care. Consult your 633 ABW Computer Incident Response Aid for actions regarding suspicious emails.
Controlled Areas: For those who work in controlled access areas, make sure that each person who enters the building scans their access badge or is closely escorted by an authorized individual. Installing mantraps is a secure way to ensure only one individual enters a secure room at a time.
When You're at Home: Make sure that you and your family are doing your part to avoid social engineering attempts. This can be in the form of inquiring about the details of a suspicious phone call, setting up parental controls on your home computer, and even throwing away junk mail.