September 1, 2014

10 Things I Know About... Social engineering

10. Don't trust uniforms. Wearing shirts with company logos on them can be enough to gain access to restricted areas. Verify that visitors really are who they say they are.

9. ID caller from IT. If you receive a call offering IT support for a problem you didn't know you had, get suspicious. That's probably not Microsoft calling; it's a scam known as pretexting.

8. Don't phall for phishing. Phishing is so common because people fall for it, but your bank will never ask you to change your password by following a link. Always type in Web addresses directly; don't click on links.

7. Watch out for attachments. Never open an attachment from an untrusted source, no matter how enticing. Even if you know the sender, it's worth scanning that .ZIP file before you consider opening it.

6. You don't have to be so nice. "Tailgating" works because people don't like to let the door close on the person behind them. But if you work in a secure building, your manners could cause a security breach.

5. Don't fall for USB 'bait.' "Baiting" involves leaving a USB flash drive with an intriguing label on it lying around in the hope someone will stick it in their computer and unwittingly install malware or worse. Remember what curiosity did to the cat.

4. Say no to quid pro quo. Quid pro quo scammers will offer you something enticing, like chocolates or a coupon, in return for information about you. If it sounds too good to be true, it is.

3. Verify 'pleas.' Requests for money to help a desperate friend or relative commonly come through hacked social media accounts. Contact the person before you send anything to make sure it's really them.

2. Don't be the weakest link. You can have endpoint security systems in place with anti-virus, URL and content filtering, firewalls at the gateway and desktop, anti-malware, and more, but social engineering encourages you to bypass your own defenses.

1. Everyone needs educating. Create a user awareness program on how to spot social engineering techniques. A healthy dose of suspicion could save a lot of time and money.

Michelle Drolet is founder of Towerwall, a data security services provider in Framingham. Contact her at
