Can social engineering attacks be detected?
Social engineering attacks usually have signs that can be spotted if you know what they are. However, since there are different types of social engineering attacks, it can be harder to know when to look for them. In short, any time information is exchanged in some form of communication, a social engineering attack may be taking place. This includes all forms of verbal and non-verbal communication.
The following sections cover the top 5 signs that a social engineering attack is taking place and tell you what to do when one is happening. The goal is to make you more aware of how the attacks can be spotted and what you can do about them.
1. The feeling of urgency
The message will try to make you feel like you must act now or else. This is usually done by trying to make you feel afraid or excited so that you rush to give them what they want. For example, it can be an email saying something like “give us your details and you get a £1000 reward”. If a message heightens an emotion and makes you want to rush to respond, it may be a social engineering attack. To protect against this, wait 90 seconds before responding to anything, then go over the message again to see if it still seems legitimate.
2. The questions
The questions asked can sometimes be a dead giveaway that someone is trying to perform a social engineering attack. This can be either the number of questions asked or the type of questions. For example, if a “salesperson” you don’t know keeps asking where data is stored or what security you have, they could be a malicious attacker posing as a salesman. Also, if the questions are about your password or “memorable answers”, this is a red flag that you are being targeted. A control against this is to always ask whether the person should be given the answer to the question they are asking.
3. No proof of who they are
A sign that also reinforces the others is a lack of reliable information on who they are. This means that if they tell you their name and business, but you cannot find any evidence of their “real” identities, this could be a sign you are being targeted. So when “Jack the ‘IT’ guy” calls, make sure you can verify the details given to you and confirm their identity. This can partly be done with the next section.
4. The contact details
If someone provides contact details that do not work or do not exist, this is a sign someone is trying to social engineer you. An example is if Jake calls from a “personal number” and insists that you not use the official number for their department because the system is “down”. This could be an attacker covering up their real intentions to look legitimate, meaning that if you call the number, someone else will likely be on the receiving end. To check this, insist on calling them back on the official contact details that are available online (or within your business).
5. A personal message with wrong information
This is most prominent in emails but has also been used in other forms of communication such as phone calls. An attacker will send you a message which looks like it is personally addressed to you, but the information about you is incorrect. So, you will get a message like “Hi Jen23, I am a friend of a friend …”. The attacker will be using information about you to make you feel a connection so that you are more willing to respond. To check this, question the sender about information about you that isn’t available online, or don’t respond if you feel it is not a genuine message.
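The five signs above can also be checked by a machine before a message reaches a person. The script below is an added example and is not part of the original article: it scores an email against sign 1 (urgency phrasing), sign 2 (sensitive questions and the sheer number of questions), sign 4 (a Reply-To address whose domain does not match the From address, the email equivalent of “call me on this other number”) and sign 5 (a greeting that does not match the recipient’s real name). The phrase lists, thresholds, `Message` structure and both sample emails are constructed assumptions for illustration, not data from the article, and a real mail gateway would use far richer indicators.

```python
import re
from dataclasses import dataclass
from email.utils import parseaddr


@dataclass
class Message:
    """Minimal view of an inbound email (assumed structure, not a real mail API)."""
    sender: str      # From header
    reply_to: str    # Reply-To header, "" if absent
    body: str        # plain-text body


# Constructed indicator lists; tune these for your own environment.
URGENCY_PATTERNS = [
    r"\bact now\b", r"\bimmediately\b", r"\bor else\b",
    r"\bwithin \d+ (minutes|hours)\b", r"\breward\b", r"\bsuspended\b",
]
SENSITIVE_PATTERNS = [
    r"\bpassword\b", r"\bmemorable answer", r"\bone[- ]time code\b",
    r"\bwhere .{0,40}(data|files).{0,20}stored",   # "where is the data stored?"
    r"\bwhat security\b",                          # "what security do you have?"
]
MANY_QUESTIONS = 2   # sign 2: an unknown sender asking this many questions or more


def domain(addr: str) -> str:
    """Return the lower-cased domain part of an RFC 5322 address, or "" if none."""
    _, email = parseaddr(addr)
    return email.rsplit("@", 1)[-1].lower() if "@" in email else ""


def greeting_name(body: str) -> str:
    """Pull the name used in the opening salutation ("Hi Jen23," -> "jen23")."""
    m = re.match(r"\s*(?:hi|hello|dear)\s+([^\s,!]+)", body, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def score_message(msg: Message, recipient_name: str) -> list[str]:
    """Return the sorted list of social engineering signs found in the message."""
    flags = set()
    text = msg.body.lower()

    # Sign 1: pressure to act quickly.
    if any(re.search(p, text) for p in URGENCY_PATTERNS):
        flags.add("urgency")

    # Sign 2: questions about secrets or security posture, or just too many questions.
    if any(re.search(p, text) for p in SENSITIVE_PATTERNS):
        flags.add("sensitive_questions")
    if text.count("?") >= MANY_QUESTIONS:
        flags.add("many_questions")

    # Sign 4: replies are steered to a different domain than the visible sender.
    if msg.reply_to and domain(msg.reply_to) != domain(msg.sender):
        flags.add("reply_to_mismatch")

    # Sign 5: "personal" greeting that does not match who the recipient actually is.
    salutation = greeting_name(msg.body)
    first_name = recipient_name.split()[0].lower() if recipient_name else ""
    if salutation and first_name and salutation != first_name:
        flags.add("greeting_mismatch")

    return sorted(flags)


def verdict(flags: list[str]) -> str:
    """Two or more independent signs together warrant escalation to a human."""
    return "likely social engineering" if len(flags) >= 2 else "no strong indicators"


# Constructed sample messages (not real emails).
SUSPICIOUS = Message(
    sender="it-helpdesk@example.com",
    reply_to="jack.support@mail-example.net",
    body=("Hi Jen23, the system is down so please act now and send your password "
          "and memorable answers within 30 minutes or your account will be suspended. "
          "Where is the shared data stored? What security do you have?"),
)
BENIGN = Message(
    sender="alice@example.com",
    reply_to="",
    body="Hi Jennifer, attached are the meeting notes from Tuesday. Let me know if I missed anything.",
)

if __name__ == "__main__":
    for label, msg in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        found = score_message(msg, "Jennifer Smith")
        print(f"{label}: {verdict(found)} {found}")
```

Each flag maps to one of the signs from the article, so a triage analyst can see which sign fired rather than a bare score; the two-flag threshold in `verdict` reflects the article’s point that a single sign is easy to miss, while several together are hard to explain innocently.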
In conclusion, we have covered possible signs of a red team attack, with ways to spot them and protect against them. Some attacks may show only 1 or 2 of these signs, meaning they will be harder to spot, but the right training will make it easier. In short, be aware, stay alert, and question all assumptions.