For as long as there have been cyber-criminals, there have been social engineers: people who use tricks and scams to get other people to volunteer sensitive information. There are several ways to use social engineering to acquire valuable information like account passwords and bank accounts, but avoiding these scams comes down to one thing: training. Let’s take a look at some of the easiest ways for you to help your MSP clients avoid these scams.
Manipulation not brute force
As more and more of our information moves into the digital realm, criminals are turning to social engineering to trick people into trusting them with their sensitive information. People often trust others too easily and make themselves easy targets for criminals. These attacks may come in the form of messages, baiting scenarios, fake company responses, and many others. Training your clients to recognise these is the best way to reduce incidents of cyber-crime.
Most often, messages are sent to users in the form of an email that might contain a link or something to download. A common one is an email stating that an invoice is attached 'for your records' and asking you to open it. Although they may look legitimate, these emails often contain viruses; therefore it's vital that you educate your clients and their staff to be careful with all email attachments and inbound messages. Always advise caution and offer a few tips on how to recognise tell-tale signs of spoof senders.
Mirroring a client response
In another scenario, criminals will bait their targets with “confidential information regarding their account.” This may come in the form of fake company messages that appear to be responses to your claims, which are followed up by a request for login details. While victims believe they are slamming the door on a crime by providing their information, they’ve actually provided their attackers with the keys.
How to help your clients
There are several ways you can help your clients to avoid becoming victims of social engineering. First, make sure that you support them with the best spam filtering solution you can find, so that it stops the most obvious spam messages from arriving in the first place.
Then advise clients that they should research sources before responding to claims from a company -- even if it seems like the one you normally use. I often recommend that clients should never open or respond to an email if they have even a glimmer of suspicion, as in a fast-moving world a legitimate sender will often follow up an email with a call if it's not actioned quickly - that call is itself a verification of legitimacy.
Recommend to clients that they confirm the destination of any link before clicking on it. Sites like bit.ly are often used to shorten long and cumbersome links, but because users have grown accustomed to them they are often used to hide malicious misdirections.
Never let clients give out sensitive information that includes their password, bank information, social security, or any other private details. No respectable financial institution will request this type of information through email or a site other than their own - so that's the most important message to drill home with your clients.
Last but not least, ensure that you have employed the best antivirus software. While the strength of social engineering lies in the fact that it’s people-driven rather than technology-driven, antivirus software can help detect and prevent requests from known cybercriminals, even if it's a last resort. You may be interested to read about the recent migration to Webroot from an MSP Real-Life perspective here.
Cyber security is essential to the success of any modern business, and it's your role as the trusted adviser to your clients to ensure you have done all you can to protect them. But it's also about education and training, with the client taking some responsibility to protect themselves against the most obvious of threats. Striking that balance is difficult, but at MSP Wingman we can offer you the tools and skills to improve and build trust with your clients.