social engineering Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘social engineering’

Best Practices for Minimizing the Impact of Social Engineering on Your Organization

Tuesday, June 26th, 2018

When many people think of cybercrime, they think of a bearded guy beating away at his keyboard in a dark room, searching for vulnerabilities in the network that can be exploited. While exploits are a big threat, the reality is that many attacks happen in smoother and more subtle ways. Why spend days slaving away to get in the backdoor, when you can just ask nicely to be let in through the front? This is the essence of social engineering.


A social engineer uses a wide range of tactics to manipulate their victims into giving up whatever information they need. Imagine that someone in a police uniform knocks on your door and asks to have a word. They look authoritative, so you invite them in to sit down. They spend five minutes discussing crime in the neighborhood and, on the way out, they secretly swipe the spare key. A few days later, you come back home to discover that all of your valuables are gone.

In this case, the social engineer tricked their way into the home by using the authority of the police uniform, which many people respect or even fear. Most people won’t think to turn down a police officer’s requests, or to ask for further identification. The attacker took advantage of this to gain access to the house, where they could get what they wanted: the spare key.


8 Ways to Protect yourself from Forged/Fake Email

Monday, January 26th, 2015

The Internet is rife with fake and forged email.  Typically these are email messages that appear to be from a friend, relative, business acquaintance, or vendor that ask you to do something.  If you trust that the message is really from this person, you are much more likely to take whatever action is requested — often to your detriment.

These are forms of social engineering — the “bad guys” trying to establish a trusted context so that you will give them information or perform actions that you otherwise would not or should not do.

Here we address some of the actions you can take to protect yourself from these attacks as best as possible.  We’ll present these in the order of increasing complexity / technical difficulty.


Social Engineering from Both Sides: Thinking + Caution = Safety

Thursday, May 3rd, 2012

Thank you, now I know your social security number!

“Social Engineering” happens when you are manipulated into revealing sensitive or private information to someone who should not have it.  The person performing the manipulation seeks information that can be used for fraud, identity theft, computer access, and other nefarious actions.

Recently, I have run across a few situations that were not actually social engineering attacks, but could easily have been.  They serve to illustrate the danger.


What is Social Engineering?

Friday, July 1st, 2011

It is often thought that viruses and malware are the biggest threats to your personal information, but there is an even greater threat that often goes undetected. Social Engineering is a technique used by people to gather your personal or secure information without you even thinking twice about giving it away. Social Engineering is most often performed over the phone, but could just as easily be done via email, text messaging, or any other form of communication; you can be Social Engineered by anyone.

In the most basic form, Social Engineering is when someone poses as someone else (e.g. a trusted friend or colleague) to trick you into divulging sensitive information.  “Hey, this is PayPal, please follow this link and re-enter all your banking details — it’s ok, really!”


Best Practices for Password Reminders and Security Questions

Thursday, May 5th, 2011

Many companies, LuxSci included, recommend or require that users have one or more “Security Questions” and corresponding answers associated with their accounts.  These questions are commonly used to:

  • Verify a user’s identity if the user has forgotten his/her password, or
  • Provide a second factor for logging into the service above and beyond the username and password

Because these questions are used to provide access to the service and identity verification, it is very important that questions and answers be well chosen.
