March County COMPASS Cybersecurity Tips: Protecting Against Social Engineering

Submitted by the South Carolina Department of Administration’s Division of Information Security

Social engineering attacks are on the rise and cyber criminals are finding new ways to target you and your information. Discover the different types of attacks being used and how you can protect yourself.

Social engineering is a form of cyberattack that manipulates people into sharing information, downloading software, visiting websites, sending money or taking other actions to compromise personal or organizational security. There are three basic types of social engineering:

  • Phishing uses email or malicious websites.
  • Vishing uses voice communication.
  • Smishing uses text messages.

Phishing

Phishing attacks use malicious email or websites to obtain information by posing as a trustworthy source such as a bank or financial institution. An attacker may send email requesting account or organizational information, often suggesting there is a problem. Information provided can be used to gain access to accounts. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers will often take advantage of current events, like a natural disaster.

Vishing

Voice phishing, known as vishing, uses voice communication and can be combined with other forms of social engineering to induce users to reveal information. Advanced vishing attacks often exploit Voice over Internet Protocol (VoIP) solutions and broadcasting services. This allows caller ID to be spoofed, taking advantage of a person’s misplaced trust in the security of phone services.

Smishing

Smishing attacks exploit cell phones' ability to send and receive text messages. Texts may contain links to webpages, email addresses or phone numbers that, when clicked, open a browser window or email message, or dial a phone number. The integration of email, voice, text and web browser functionality increases the likelihood that users will fall victim to malicious activity.

What You Can Do

  • Be suspicious of attachments or links embedded in texts and emails.
  • Ensure the request and requester are legitimate.
  • Send sensitive information securely.
  • Install/maintain antivirus software, firewalls and email filters.
  • Use anti-phishing features offered by your email client and web browser.
  • Enforce multifactor authentication.

Remember… you are the last line of defense against social engineering!

The South Carolina Department of Administration's Division of Information Security is responsible for a variety of statewide policies, standards, programs and services related to cybersecurity and information systems, including the state’s security information and event management system and the Security Operation Center.