Understanding and Defending Against Social Engineering

Every year, security technology gets more and more intricate. The tools we have at our disposal to defend against malware, direct hacking, DDoS attacks, data breaches and more have been consistently improving as bad actors continue to innovate on the technology they use to attack businesses. However, while this battle is constantly waged over a virtual field, the overwhelming majority of attacks are still perpetrated through a single old-fashioned tactic: social engineering.

What is Social Engineering?

Though the term was popularized in the 1990s, the basics behind social engineering have been around as long as there have been scams. Rather than approaching a potential victim by means of hidden technologies, social engineering attacks are so successful because they go after the one element that cannot be protected by an Antivirus program: the person behind the keyboard. At its most basic level, social engineering attacks are attacks where a bad actor will convince, or engineer, a person to take an action that will lead to them being compromised.

Recognizing Common Attacks

Pretending to be a Team Member

Attackers attempting to use social engineering techniques may pretend to be a member of your team, or perhaps even someone from a different department or a supervisor. If they are contacting you by email, the email may even appear to be coming from the correct address. If you see that they are asking for something unusual, such as for you to allow remote access into your machine, contact them directly through a different means, either in person or via phone. Be sure not to use the phone number the person emails you, but rather call them from a number you know will reach them. If the request is revealed to be illegitimate, report it to your IT department immediately.

Pretending to be Microsoft

One way a bad actor may attempt to infiltrate your network is to call you and say that they are a member of your IT department. They take this route because they expect individuals to already be familiar with remote access from their IT department. They may tell you that they installed a new program on your system called "Quick Connect," and would like you to allow them remote access to your system.

Please note that Technical Resource Solutions does not use Quick Connect. Quick Connect is a Microsoft product and was not installed by your IT department, but it can be used to remotely access your computer if you give the other person access.

If you ever receive a phone call from someone posing as your IT department and the request does not sound legitimate, hang up the phone and call us directly. We'd be happy to confirm whether the call you received really was from a member of our team.

Fraudulent MFA Attempts

A newly popular form of social engineering attack involves taking advantage of the multi-factor authentication on a user's account to gain access. Attackers will attempt to access an account by using account recovery tools; then, when they are asked for a multi-factor approval, they repeatedly spam the request to the user's phone. These attacks tend to come late at night, when a user isn't prepared for or expecting an attack to be taking place, and the user might accept the multi-factor access request without thinking twice just to get the request spam to stop. At that point, an attacker has carte blanche to take full control over the account.

What To Do

If you ever feel that the person on the other side of the phone connection is not who they claim to be, the best course of action is to hang up the phone and call the supposed company or individual directly using a number you know to be the correct phone number. If you identify a fraudulent phone call, email, or other contact, be sure to report it to your IT department immediately.

Additionally, be sure to stay aware of email alerts from websites that tell you when someone has logged in to your account from a new device. If you don't recognize where the login attempt was made, lock down your account immediately by changing your password and ensuring your multi-factor authenticator is up to date.

Lastly, multi-factor access requests should only ever come to you when you are attempting to log in to your account. If they're coming at a time that doesn't coincide with one of your own login attempts, immediately change your password and do not accept any suspicious multi-factor requests. If the spam is becoming overwhelming, use the "silence this conversation" feature of your phone to mute notifications, and talk to your IT department immediately about how you can further protect your account.
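The MFA request spam described under "Fraudulent MFA Attempts" and the "requests should only arrive when you are logging in" rule above are exactly the pattern an IT department can watch for in its authentication logs. The following is an added detection example, not code from TechnicalRS or from any MFA vendor; the log format, the user names and the thresholds are constructed for illustration.

```python
"""Flag MFA push-bombing (MFA fatigue) in authentication logs.

Constructed example: the "time user event" line format below is
hypothetical, not any particular vendor's schema.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: alice receives a burst of pushes at 02:00 and
# finally approves one; bob gets a single push during a normal login.
SAMPLE_LOG = """\
2024-03-04T02:01:10Z alice mfa_push_sent
2024-03-04T02:01:40Z alice mfa_push_sent
2024-03-04T02:02:15Z alice mfa_push_sent
2024-03-04T02:03:05Z alice mfa_push_sent
2024-03-04T02:04:50Z alice mfa_push_sent
2024-03-04T02:05:20Z alice mfa_push_sent
2024-03-04T02:05:45Z alice mfa_push_approved
2024-03-04T09:15:00Z bob mfa_push_sent
2024-03-04T09:15:20Z bob mfa_push_approved
"""


def parse(line):
    ts, user, event = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event


def detect_mfa_fatigue(log_text, threshold=5, window_s=600):
    """Return alerts as (kind, user, time) tuples.

    "burst": a user received >= threshold pushes within window_s seconds.
    "approved_during_burst": the user then approved a push while the
    burst was still active, i.e. the outcome the attacker is after.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent pushes
    bursting = set()             # users currently inside a burst
    alerts = []
    for line in log_text.splitlines():
        ts, user, event = parse(line)
        q = recent[user]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()          # drop pushes that fell out of the window
        if event == "mfa_push_sent":
            q.append(ts)
            if len(q) >= threshold and user not in bursting:
                bursting.add(user)
                alerts.append(("burst", user, ts.isoformat()))
        elif event == "mfa_push_approved" and user in bursting:
            alerts.append(("approved_during_burst", user, ts.isoformat()))
        if len(q) < threshold:
            bursting.discard(user)  # burst has aged out of the window
    return alerts
```

A burst alert is a cue to contact the user out of band and reset the account before any approval lands; an approval-during-burst alert should be treated as a likely compromise.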