Social Engineering Attacks: The Red Flags

The Cybersecurity and Infrastructure Security Agency (CISA) noted that 90% of successful cyber-attacks begin with phishing emails, which is unsurprising. Social engineering attacks exploit human psychology and range from phishing emails to impersonation phone calls. There are no sophisticated solutions or technologies to stop these attacks; your defense relies purely on your ability to spot the red flags. Cybercriminals are now using artificial intelligence to raise the bar and make their efforts much more challenging to detect. With these points in mind, let us get into some ways you can identify current social engineering attacks.

Common Signs of Social Engineering Attacks 

Be wary of urgency and pressure. Cybercriminals need you to feel panic or a sense of urgency; this drives you to react quickly instead of slowing down and thinking about the situation. These tactics include an email that threatens to lock an account, an invoice that must be paid now, or some form of pressure to act immediately. 

Suspicious Links or Attachments. A seemingly legitimate email can contain links to malicious sites or attachments that could do you harm. 

Too Good to Be True Offers. If you feel something is too good to be true, it likely is. From a prince looking to give you money to gift cards or cash offers, you are unlikely to have a positive experience if you interact with these communications.

Generic or Odd Language. While grammatical issues have been reduced due to the use of AI, many emails still have a very strange or poorly written tone. Odd things like phrasing issues, generic greetings like “Dearest Customer,” or that unnatural sense of urgency suggest that the email is a phishing attempt. 

Fight Back: Be Sure to SLAM Emails

The acronym SLAM stands for sender, links, attachments, and message. Following this process will reduce the likelihood of falling for a phishing attempt.

Sender. Look at the sender's email address. Is it spelled correctly, or does it look like it is coming from the right party? You may have a phishing email if something seems off in the sender field. 

Links. Links allow hackers to steal login credentials and install software on your systems. Hover over them to see if you can identify where they go, and if something does not seem right, do not interact with them. If you are asked for your login credentials or sensitive information, do not comply unless you confirm the email’s legitimacy. 

Attachments. Never open attachments from any sender you do not know; even if you know them, do not open unsolicited attachments without confirming with the sender that they sent you a legitimate attachment.

Message. Thanks to AI, it may be more difficult to spot, but content and context can be a dead giveaway that the email is a phish. Generic greetings, strange wording, or general awkwardness can be reasons not to trust the request. 

The SLAM method is one of many low-tech ways to harden your inbox against phishing attempts. If you are ever in doubt, throw the message out and call the party you got it from using a known good phone number or alternative means of communication, just in case their inbox has been breached. 
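The four SLAM checks can also be expressed as a small triage aid. The following is an added example, not part of the original article: the function names (`host`, `slam`, `make`), the `.test` domains, the sample messages, and the keyword and extension lists are all constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, illustrative lists; tune them for your own mail.
PRESSURE = re.compile(r"urgent|immediately|act now|will be locked|dear(est)? customer", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".iso", ".html", ".docm")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)  # simple, not a full HTML parser

def host(value):
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    return (urlparse(value if "//" in value else "//" + value).hostname or "").lower()

def slam(msg, trusted_domain):
    """Return the SLAM letters (S, L, A, M) that raise a red flag for this message."""
    flags = set()
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if sender_domain != trusted_domain:                # Sender: wrong or look-alike domain
        flags.add("S")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for href, shown in ANCHOR.findall(text):           # Links: what hovering would reveal
        shown = shown.strip()
        if "." in shown and " " not in shown and host(shown) != host(href):
            flags.add("L")
    for part in msg.iter_attachments():                # Attachments: risky final extension
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            flags.add("A")
    if PRESSURE.search(f"{msg['Subject']} {text}"):    # Message: pressure or generic greeting
        flags.add("M")
    return flags

def make(sender, subject, html, attachment=None):
    """Build a constructed sample message (no real mail is used)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content("plain-text fallback")
    msg.add_alternative(html, subtype="html")
    if attachment:
        msg.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename=attachment)
    return msg

# Constructed samples: one message that trips every check, one that trips none.
PHISH = make("Billing <billing@examp1e-bank.test>", "URGENT: account will be locked",
             '<p>Dearest Customer, <a href="http://secure-login.test/x">www.example-bank.test</a></p>',
             "Invoice.pdf.exe")
CLEAN = make("Billing <billing@example-bank.test>", "Your monthly statement",
             '<p>Hello Sam, <a href="https://www.example-bank.test/s">www.example-bank.test</a></p>')
```

An empty result only means none of these simple checks fired; a message from a breached inbox would pass the sender check, which is why confirming through a known good phone number still applies.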

Next Steps

Social engineering will continue to be a primary means for cybercriminals to attack your business. Consider educating yourself on how these attacks are carried out, and be diligent in your daily interactions with your inbox. Always trust your instincts, be suspicious of communications, and maintain a healthy level of skepticism.

IntelliSystems offers businesses the means to strengthen the human element in the cybersecurity arena. We provide a comprehensive awareness training program to educate and test employees on the current threats and best practices in online safety. We empower you to recognize social engineering attacks, spot phishing emails, and follow best-practice security protocols. Our approach blends layers of defense that work to protect your business from current and future threats. From advanced detection to proactive response, our approach ensures your business can build a strong security program. Reach out today!

