Social engineering is the art of manipulating or deceiving users into taking an action or divulging sensitive information. No amount of security preventatives can overcome a business’ most exploitable resource, its employees.

Watch out for these three types of social engineering schemes.

Digital Attacks.

Phishing. Email-based social engineering targeting an organization.

Spear Phishing. Email-based social engineering targeting a specific person or role.

In-Person Attacks.

USB Attacks. An attack that uses thumb drives to install malware on your computer.

Tailgating. When a hacker bypasses physical access controls by following an authorized person inside.

Phone Attacks.

Smishing. Text-based social engineering.

Vishing. Over-the-phone-based social engineering.

Preventative Measures.

Stop. Look. Think. Before clicking on a link or opening an attachment via email, verify it’s legitimate. If it is from a website, visit the site directly rather than clicking on the link. Confirm with the sender over the phone or in person before opening suspicious attachments. This applies to both text and email links.

Similarly, before providing information over the phone it is better to be firm than insecure. Ask that person if you can call them back to confirm the accuracy of the request before complying.

On-Going Training And Education.

Bridgehead IT offers employee training, phishing simulations, and other security methodologies that seek to protect employees and businesses from threat actors. Through our partnership with KnowBe4, our cyber security team works with clients to stay informed on your specific environment and the unique challenges it faces.