The Top 5 Social Engineering Strategies That Threaten Your Business


Cybersecurity is complex in that, regardless of how much you invest in it, there will always be one primary vulnerability – people. While your systems may not be so easy to crack, cybercriminals enjoy manipulating people’s fallible judgement using social engineering strategies designed to gain access to your company’s confidential information.

In a recent study, the Federation of Small Business found that 66% of its members had been victims of a cyber attack in the last two years. Of these attacks, a very small percentage had been down to sophisticated and malicious code. In fact, in 86% of cases, the attacks were social engineering scams.

These are 5 of the most common social engineering strategies:

1) Phishing – You’ve probably already heard of this one. Phishing is when emails that claim to come from a trusted source, such as your bank, HMRC or your own IT department, ask for sensitive information ranging from passwords to bank details. These emails normally include links to pages that look like the real website in order to collect the information. An example would be a mass email sent to your staff asking them to reset their passwords and to enter their current passwords in order to do so.

2) Spear Phishing – This is a more direct form of phishing. Spear Phishing is a specialised attack on one person in the company. For instance, this could be someone in accounting with access to sensitive information.

3) Physical Baiting – This is when a criminal plants a piece of hardware, such as a USB stick or CD, that has been infected with malware in the hope that someone will load it onto a computer.

4) Pretexting – This is when an attacker poses as someone within your company or someone that you would regularly do business with. This could be a senior member of staff, a supplier or manager who creates a false urgent scenario that would compel someone to share their details. 

5) CEO Fraud – This is where a criminal impersonates the CEO or another senior member of the company in order to pressure someone who is able to initiate payments to transfer money into a specific bank account.

Protecting against social engineering strategies is simple as long as you implement the following measures:

• Establish a process for requesting and authorising payments that requires two points of contact.

• Organise a procedure for what employees should do if they receive an unusual or suspicious email.

• Provide your entire staff—from the directors and officers all the way down to the interns—with comprehensive cybersecurity training to ensure that they know how to identify and manage cybersecurity threats.

Risk management alone is no match for today’s sophisticated cybercriminals. To ensure your company stays protected, pair your cybersecurity efforts with a comprehensive cyber insurance policy. Contact Cyberguru and request your quote today! 


9 Albany Park, Cabot Lane, Poole, Dorset, BH17 7BX
t. +44 (0)330 1240730

© Insync Insurance Solutions Ltd 2016 All rights reserved. Cyberguru is a trading style of Insync Insurance Solutions Ltd which is authorised & regulated by the Financial Conduct Authority where our reference number is 766691. Our registered office is Midland House, 2 Poole Road, Bournemouth, Dorset BH2 5QY and we are registered in England under company number 08810662. Should you have cause to complain, and you are not satisfied with our response to your complaint, you may be able to refer it to the Financial Ombudsman Service, which can be contacted as follows: The Financial Ombudsman Service, Exchange Tower, London, E14 9SR | Tel: 0800 023 4567 or 0300 123 9 123