Why Social Engineering Scams Still Work on Employees

Online scams are nothing new. They are the bane of every organization that relies on IT systems to run its business day to day. This means that enterprises of every type, regardless of size, scope, or industry, are potential targets.

In today’s hyper-connected and Internet-dependent business landscape, almost any company is vulnerable to cyber attacks. Even for companies that conduct routine security training, employees still regularly fall for social engineering scams. You and your IT support team may have been diligent about warning everyone about how to avoid phishing scams, and yet security breaches persist.

Here’s why many employees still fall prey to these scams, and what you can do to avoid them.

They checked their social media accounts during work hours

While there’s nothing wrong with surfing per se, it does make your employees more susceptible to scams. Instagram, Facebook, Twitter, and other social media accounts are attractive platforms for online criminals because they are easier to penetrate: they require less effort and offer potentially bigger returns.

LinkedIn scams are especially hard to discern because the site is marketed for business-related activities. It’s common to receive official-looking LinkedIn invitations or InMail, only to be tricked into divulging sensitive company information to cyber criminals.

Add to this the fact that most employees are less discerning when it comes to spotting scams on social media, and the risk of a cyber attack becomes higher. If a data breach is left undetected or not caught in time, it will require costly disaster recovery measures to undo the damage.

To prevent security breaches, your management team could opt to limit social media access during work hours or on certain work-related devices. Better awareness training might also be in order. LinkedIn scams can be avoided by obtaining a work colleague’s email address through a known channel and verifying any LinkedIn account claiming to be that colleague through that email.

They mistook it for work-related email

This is a fairly common scenario—one that many employees fall for. Unfortunately, cyber criminals are getting better at crafting click-bait links in official-looking memos sent via email. Subject lines such as “Re: Required file attached” or “Client Invoice Attached” can easily be mistaken for urgent messages that need your immediate attention.

The consequences of clicking on an unsafe link include getting your network infected, having someone take over your device, or giving criminals access to sensitive data. To avoid this, it is best to use a secure file transfer system when exchanging files with outside contractors.

To verify whether an email or file is legitimate, make it a habit to double-check the sender’s email address and the type of file sent. Be aware that enabling macros can allow attackers to take over your system, so be wary of any document that asks you to enable them.
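The two checks above (who actually sent the message, and what kind of file is attached) can be automated as a first-pass triage on inbound mail. The following is an added example written for this article, not code from the author or from any product; the trusted-domain list, the sample message and the extension lists are constructed for illustration. It flags an untrusted sender domain, a domain that is one character away from a trusted one, a display name that shows a different address than the real one, executable attachment types, and Office macro-enabled formats.

```python
"""Triage the sender and attachments of an inbound email (constructed example)."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Domains this hypothetical organization trusts; constructed for the example.
TRUSTED_DOMAINS = {"example.com", "partner.example.net"}

# Attachment types that run code when opened, and Office macro-enabled formats.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat",
                         ".cmd", ".ps1", ".lnk", ".iso"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xlam"}


def _squash(domain):
    """Drop dots and hyphens so 'examp-le.com' compares loosely with 'example.com'."""
    return domain.replace(".", "").replace("-", "")


def _within_one_edit(a, b):
    """True if a and b differ by at most one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) <= 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def check_sender(from_header):
    """Return a list of findings for a From: header value."""
    name, addr = parseaddr(str(from_header))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[1] if "@" in addr else ""
    findings = []
    if domain not in TRUSTED_DOMAINS:
        findings.append(f"sender domain not trusted: {domain or addr!r}")
        # Lookalike domain: a trusted domain embedded in, or one edit away from, the real one.
        for trusted in sorted(TRUSTED_DOMAINS):
            if _squash(trusted) in _squash(domain) or _within_one_edit(_squash(trusted), _squash(domain)):
                findings.append(f"sender domain resembles trusted domain {trusted}")
                break
    # Display-name spoofing: the visible name shows an address that differs
    # from the address replies would actually go to.
    if "@" in name and name.strip().lower() != addr:
        findings.append(f"display name {name!r} does not match address {addr!r}")
    return findings


def check_attachments(msg):
    """Return a list of findings for the attachments of a parsed message."""
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
        ext = suffixes[-1] if suffixes else ""
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append(f"executable attachment: {filename}")
        elif ext in MACRO_EXTENSIONS:
            findings.append(f"macro-enabled document: {filename}")
        # Heuristic: 'invoice.pdf.exe' style names hide the real type behind a benign one.
        if len(suffixes) > 1:
            findings.append(f"double extension: {filename}")
    return findings


def triage(raw_message):
    """Parse an RFC 5322 message and return findings plus a hold/release decision."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = check_sender(msg["From"]) + check_attachments(msg)
    return {"subject": str(msg["Subject"]), "findings": findings,
            "hold_for_review": bool(findings)}


def build_sample_message():
    """Constructed phishing-style message for demonstration; not a real capture."""
    msg = EmailMessage()
    msg["From"] = '"accounts@example.com" <billing@examp1e.com>'
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Client Invoice Attached"
    msg.set_content("Please open the attached invoice and enable content to view it.")
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="octet-stream", filename="Invoice_2024.xlsm")
    return msg.as_string()


if __name__ == "__main__":
    result = triage(build_sample_message())
    print(result["subject"], "->", "HOLD" if result["hold_for_review"] else "release")
    for finding in result["findings"]:
        print(" -", finding)
```

On the constructed sample the triage holds the message for review with four findings: an untrusted sender domain, a lookalike of example.com, a display name that does not match the real address, and a macro-enabled spreadsheet. A mail gateway would normally combine such heuristics with SPF/DKIM/DMARC results rather than rely on them alone.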

They thought they were getting free software

There’s a saying that “there’s no such thing as a free lunch,” and it holds true for messages that offer something for free. Unfortunately, most of us are hardwired to want something for nothing, and that is exactly when you should take extra precautions.

This is especially true for sites that send you links to free software offers. Those that require you to download software via their website increase your chances of contracting a virus, more so if the software is bundled with other programs you don’t even need.

Avoid compromising your network security by first checking whether your IT team already holds a license for the software. Another way to prevent infection is to go directly to the official website of the vendor that offers the free software rather than following the link in the message.

Always stay vigilant

Many of today’s technological advances have made it easier and faster to conduct business operations for many organizations. Nevertheless, it’s important to always take extra precautions when making online transactions.

Keeping yourself informed on a regular basis and conducting routine employee security briefings are your best defense against any cyber attack that could damage your company. Remember that if something seems too good to be true, it most probably is, so never let your guard down, and always stay vigilant.

Article written by

Vlad de Ramos has been in the IT industry for more than 22 years, focusing on IT Management, Infrastructure Design and IT Security. He is a certified information security professional, a certified ethical hacker, a forensics investigator, and a certified information systems auditor. Check out Vlad’s IT community here: http://www.aim.ph
