Social Engineering Warning

Posted on October 9th, 2008 by Ryan Spanier

Dark Reading, an IT security website, recently released an article on the new dangers of social engineering during the current period of financial difficulty. Specifically, the article warned of the dangers of spear phishing (a targeted social engineering attack directed at a specific company) aimed at financial institutions. New attacks are preying on people’s fears over the current economy. Financial institutions are seen as particularly vulnerable to these attacks since employees are more concerned with job security and institution performance in a weaker economy. Auditors are finding it easier to trick employees by claiming to be federal regulators or by sending emails with information on how the institution is gaining ground on competitors.

This is a good time to emphasize social engineering training with your employees.  Gladiator recommends going over some of the scenarios listed above and in the Dark Reading article to ensure everyone understands what to do in a given situation.  Visitor credentials should always be verified and confirmed with management before anyone is allowed access to non-customer areas of an institution.  Also, employees should not click on links from untrusted sources in emails, and should be taught how to identify phishing emails.  Furthermore, ensure that your institution has incident handling processes in place for social engineering attempts and that all employees are aware of their roles.  If possible, you should perform some internal social engineering phishing tests to identify weaknesses in your response processes.
