How Good is Your Cybersecurity “Spidey-Sense”?

Written by

Cybersecurity threats are always changing and evolving as attackers find new ways to compromise company or personal information. The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”

At SitelogIQ, data security is a key focus area within our Environmental, Social, & Governance (ESG) program. We believe it’s imperative that our team participates in ongoing education and is properly prepared to spot potential data security risks and take active responsibility in protecting our customer, employee, and partner data from harm. We talk a lot about fine-tuning our team members’ “spidey-sense”, or their ability to spot a threat. During last year’s Cybersecurity Awareness Month, we shared tips for identifying phishing emails, cybersecurity best practices, and more.

This year, we continue those efforts to educate our team and you on how to stop potential cyber-attacks. We’ll focus on identifying social engineering red flags, how to properly handle confidential information, the dangers of insecure networks, and how to avoid credential harvesting attacks.

Social Engineering Attacks

To kick off Cybersecurity Awareness Month, we’re focusing on social engineering attacks, which involve an attacker using human interaction and social skills to obtain or compromise information about an organization or its computer systems, as well as personal information. The most common social engineering threats come in the form of digital, in-person, and mobile/phone attacks. However, there are a few red flags to watch out for to help you spot a potential attack:

  1. Email addresses that closely resemble one from a reputable company by altering or omitting a few characters.
  2. Spoofed hyperlinks and websites are made to look legitimate, but the URL may vary by spelling or site domain.
  3. Poor grammar and sentence structure, misspellings, and inconsistent formatting throughout the message.

Social engineering attacks are becoming more and more sophisticated as attackers tend to disguise themselves as someone you may know and request you to take immediate action, not allowing time to think and identify possible red flags. According to the FBI’s 2021 Internet Crime Report, 323,972 individuals reported being a victim of one of several types of social engineering attacks.

So, what should you do if you believe you’ve fallen victim to a social engineering attack?

  1. Say Something: If you believe you might have shared sensitive information, report it to your organization’s administrators.
  2. Change Your Password: Immediately change any passwords you may have revealed and make sure to also change other accounts that share the same password.  Use strong passwords of at least 12 characters with letters, numbers, and special characters.
  3. Conduct Diligence: If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised.
  4. Inform Authorities: Consider reporting the attack to the police, FBI, and regulatory bodies, and/or file a report with the Federal Trade Commission depending on the situation.

The next time you receive a suspicious email, phone call, or text message, remember what red flags to look out for and act immediately if you’ve fallen victim to a potential social engineering attack. Follow our Twitter and LinkedIn pages all October long as we share more helpful tips and tricks to help you stay safe online.