{"id":20470,"date":"2023-10-12T04:32:02","date_gmt":"2023-10-12T08:32:02","guid":{"rendered":"https:\/\/www.sage.com\/en-us\/blog\/?p=20470"},"modified":"2023-10-12T05:04:40","modified_gmt":"2023-10-12T09:04:40","slug":"get-savvy-about-engineering","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-us\/blog\/get-savvy-about-engineering\/","title":{"rendered":"Why you should get savvy about social engineering\u00a0"},"content":{"rendered":"<header class=\"entry-header has-dark-background-color entry-header--has-illustration entry-header--has-illustration--generic\">\n\t<div class=\"container\">\n\t\t<div class=\"entry-header__row row align-center\">\n\t\t\t<div class=\"col col-lg-7 col-xlg-6 entry-header__content\">\n\t\t\t\t\t\t\t<div class=\"component component-single-header\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"entry-header__misc text--subtitle text--uppercase text--small\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.sage.com\/en-us\/blog\/category\/technology-innovation\/\" class=\"entry-header__link\">Technology &amp; Innovation<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t<div class=\"entry-title-wrapper\">\n\t\t\t\t\t<h1 class=\"entry-title\">\n\t\t\t\t\t\tWhy you should get savvy about social engineering\u00a0\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t<p class=\"entry-header__description\">\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t<div class=\"single-post-details container\">\n\t\t<div class=\"col\">\n\t\t\t<span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2023-10-12T04:32:02-04:00\">October 12, 2023<\/time><\/span><span class=\"reading-time\"> min read<\/span>\n\t\t<button\n\t\t\ttype=\"button\"\n\t\t\tclass=\"social-share-button button button--icon button--secondary js-social-share-button\"\n\t\t\tdata-share-title=\"Why you should get savvy about social engineering\u00a0\"\n\t\t\tdata-share-url=\"https:\/\/www.sage.com\/en-us\/blog\/get-savvy-about-engineering\/\"\n\t\t\tdata-share-text=\"Please read this interesting article\"\n\t\t>\n\t\t\t<span class=\"social-share-button__share-label\">Share<\/span>\n\t\t\t<span class=\"social-share-button__copy-label\" hidden>Copy Link<\/span>\n\t\t\t<span class=\"social-share-button__copy-tooltip\" aria-hidden=\"true\" hidden>Copied<\/span>\n\t\t<\/button>\n\n\t\t\t\t<\/div>\n\t<\/div>\n<\/header>\n\n\n<div class=\"wp-block-post-author has-dark-background-color alignfull\">\n\t<div class=\"container\">\n\t\t<div class=\"col\">\n\t\t\t\t\t\t\t<div class=\"co-authors\">\n\t\t\t\t\t\n\t\t<div class=\"entry-author-wrapper\">\n\t\t\t<a class=\"entry-author\" href=\"https:\/\/www.sage.com\/en-us\/blog\/author\/madshoward\/\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2023\/09\/Mads-Howard-350x350.jpg\" class=\"entry-author__image\" alt=\"mads-howard\" \/>\t\t\t\t<span class=\"entry-author__name\">Mads Howard<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Secure at work, secure at home<\/strong>&nbsp;<\/h2>\n\n\n\n<p class=\"\">Everyone knows about a scam that they or someone they know, has fallen for. Although we understand by using the internet and digital services, we run the risk of being targeted by cyber criminals, many organizations don\u2019t know where to start.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">Attacks which use social engineering can cause harm and it is important to understand what they are and how to spot them.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">In this blog, you can find out how you can protect yourself and your business from social engineering, especially phishing.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Social engineering&nbsp;<\/strong>&nbsp;<\/h2>\n\n\n\n<p class=\"\">These scams are usually based on what we call \u201csocial engineering\u201d attacks which is a broad term for techniques to trick someone into doing something they wouldn\u2019t normally do, so an attacker can gain information or access computer systems to commit crime.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">The most common form of social engineering is phishing. Email is the \u201cfront door\u201d for most organizations. Attackers know that most people receive so much email about so many different topics, even the most cyber-aware employees can let their guard slip from time to time.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to spot phishing emails and how to deal with them?<\/strong>&nbsp;<\/h2>\n\n\n\n<p class=\"\">Phishing refers to fraudulent or fake emails, designed to trigger an emotional response to impair someone\u2019s decision-making. Under pressure, they are more likely to reveal information such as a password or even be tricked into doing something they wouldn\u2019t normally.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">Phishing attacks usually happen via email but can also be through text messages, WhatsApp, or even phone calls. Regardless of how or where they happen, having the knowledge and confidence to spot phishing attacks is important to protect you and your business.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Under pressure<\/strong>&nbsp;&nbsp;<\/h2>\n\n\n\n<p class=\"\">An attacker using phishing or other social engineering techniques is seeking to make someone feel emotional or under pressure and may claim to be a reputable source. Your employees should always be cautious if there is a sense of urgency, or if they are being asked to do something they wouldn\u2019t normally do such as login in a different way or transfer money.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">Criminals may use online resources such as LinkedIn to learn about employees and your organization and tailor their phishing emails to appear legitimate. It is common for phishing emails to appear as if they are internal emails or \u201cspoofed\u201d to appear to come from a known source, such as a business contact. At first glance, the email addresses will match, but there may be a character out of place, or the details of the sender may reveal an alternative, anonymous address.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">Research has shown however that spending too much time considering the specifics as a regular user can be counterproductive as it can lead to confusion and uncertainty. However, it can be helpful to practice looking at emails mindfully as usually there is something about the way the message is conveyed that doesn\u2019t quite <em>feel <\/em>right. Understanding this is a powerful tool for employees to nurture so that they can respond in slow time and raise any red flags if they feel unsure. If in doubt, report.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">Common themes that are used in scams can include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Asking the victim to use their business credentials to login via a webpage to access something, such as a file which has been shared.&nbsp;<\/li>\n\n\n\n<li>Asking the victim to download and install an important update, such as a security patch.&nbsp;<\/li>\n\n\n\n<li>Collecting a prize or some other unexpected financial gain.&nbsp;<\/li>\n\n\n\n<li>Scare tactics such as an overdue invoice and the threat of turning off a service.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Requests to donate to a charitable organization, often following a humanitarian crisis such as an earthquake.&nbsp;<\/li>\n\n\n\n<li>Open email attachments, which can be hiding viruses or malware&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"\">The best way to protect against phishing is to make sure your employees know to expect it and know where to report it. Remember\u2014there is no such thing as over-reporting! Far better to hear about 9 false positives but catch the one malicious email.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">Real-world examples are also powerful. If someone reports a phishing attempt, then this can be shared with everyone to both highlight the threat and celebrate someone\u2019s vigilance in reporting it.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What you should look out for&nbsp;<\/strong>&nbsp;<\/h2>\n\n\n\n<p class=\"\">While a phishing attack could come at any time, attackers also use current events and seek to capitalize on external contexts. For example, there is always an increase in attacks around public holidays, elections, natural disasters, health scares, or any other major national or international event.&nbsp;<\/p>\n\n\n\n<p class=\"\">Although it can feel worrying for employees, you can reduce their uncertainty by letting them know they can report anything they are unsure about and if in doubt, ask.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">Some specific things you can highlight to people in your organization are:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Unsolicited emails, phone calls, or text messages that ask for information.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Communications, by email or text, that do not include your name, a return address, and include poor grammar, inconsistent spellings, and layout.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Suspicious attachments\u2014an email that asks you to download an attachment is a common way that a cyber criminal may gain access to your system.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"\">If in doubt:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never provide personal information or information about your organization unless you are certain of who you are talking to.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Never provide personal information in email or click on links sent in an email.&nbsp;&nbsp;<\/li>\n\n\n\n<li>If you are ever unsure, contact the company directly to verify it.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What to do if you or one of your employees has been a victim of a phishing attack?<\/strong>&nbsp;<\/h2>\n\n\n\n<p class=\"\">If you suspect that you&#8217;ve responded to a phishing scam with personal or financial information, take these steps to minimize any damage:&nbsp;&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"1\">\n<li>Report it to your IT team and they or you can change the information which has been revealed. For example, change any passwords or PINs on the account or service that you think might have been compromised.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>If the details are for an external service, then contact the relevant the service provider directly.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Routinely review your bank and credit card statements for unexplained charges or enquiries that you didn&#8217;t initiate.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>Contact the authorities. In the US this is the <a href=\"https:\/\/www.cisa.gov\/report\" target=\"_blank\" rel=\"noreferrer noopener\">National Cybersecurity Communications and Integration Center (NCCIC)<\/a> <a href=\"https:\/\/www.ic3.gov\/\" target=\"_blank\" rel=\"noreferrer noopener\">but most countries will have a similar reporting service.<\/a>&nbsp;&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Receiving counterfeit emails which appear to be from Sage<\/strong>&nbsp;<\/h2>\n\n\n\n<p class=\"\">If you receive an email which appears to come from Sage but makes you suspicious, then please report it to us. To safely report the email you suspect is counterfeit, without opening any attachments or replying to the email, please do the following:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a new email &gt; attach the email you suspect is counterfeit &gt; send the email to <a href=\"mailto:reportabuse@sage.com\" target=\"_blank\" rel=\"noreferrer noopener\">reportabuse@sage.com<\/a>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Alternatively, forward the email to <a href=\"mailto:reportabuse@sage.com\" target=\"_blank\" rel=\"noreferrer noopener\">reportabuse@sage.com<\/a>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"\"><strong>Note:<\/strong> Sending the counterfeit email as an attachment is the best way to preserve information which will make it easier for us to trace its origins.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Key takeaways&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Employees should know there\u2019s no such thing as over-reporting when it comes to phishing.&nbsp;<\/li>\n\n\n\n<li>Anything that makes someone feel nervous, anxious, under pressure, or emotional means they should proceed with caution.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Set strong passwords for personal email and work email. Enable 2-Factor-Authentication or 2FA on all accounts.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Final thoughts<\/strong>&nbsp;<\/h2>\n\n\n\n<p class=\"\">As more services move online, it is becoming increasingly important to empower yourself and your employees with cyber security knowledge, and what you and they can do to protect your business.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"\">In our <a href=\"https:\/\/www.sage.com\/en-us\/trust-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Trust and Security Hub<\/a>, you can explore essential advice on how to be secure at home and at work, before incidents occur.&nbsp;<\/p>\n\n\n<div class=\"single-cta\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">Subscribe to our Sage Advice Newsletter<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>Get our latest business advice delivered directly to your inbox.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-ab515c6e-7e90-4c2f-a67e-113872516e8b\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Subscribe<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"1440\" height=\"810\" src=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1073797282-1440x810.jpg\" class=\"single-cta__image\" alt=\"Working from home with tea in hand\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/GettyImages-1073797282-1440x810.jpg 1440w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Learn how to protect yourself and your business from social engineering attacks, especially phishing, the most common form.<\/p>\n","protected":false},"author":1726,"featured_media":20185,"menu_order":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sage_video":false,"post_featured_image_hide":false,"footnotes":""},"categories":[48],"tags":[486,154],"business_type":[40,41],"lilypad":[],"context":[],"industry":[],"persona":[],"imagine_tag":[480],"coauthors":[941],"class_list":["post-20470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology-innovation","tag-security-fraud","tag-technology","business_type-small-business","business_type-growing-business"],"sage_meta":{"region":"en-us","author_name":"Mads Howard","featured_image":"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2023\/09\/GettyImages-1190223207.jpg","imagine_tags":{"480":"Security Fraud"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice US","distributor_original_site_url":"https:\/\/www.sage.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/20470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/users\/1726"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/comments?post=20470"}],"version-history":[{"count":0,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/20470\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/media\/20185"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/media?parent=20470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/categories?post=20470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/tags?post=20470"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/business_type?post=20470"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/lilypad?post=20470"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/context?post=20470"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/industry?post=20470"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/persona?post=20470"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/imagine_tag?post=20470"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/coauthors?post=20470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}