![\"A](\"https:\/\/www.policybee.co.uk\/blog\/wp-content\/uploads\/2023\/07\/social-engineering-concept-istock.png\")
<\/figure>\n<\/div>\n\n\nCybercrime is a big problem in the UK. It costs our economy an estimated \u00a321 billion a year<\/a>.<\/p>\n\n\n\n And there\u2019s no bigger and more devious culprit in cybercrime than social engineering.<\/p>\n\n\n\n It affects everyone. Whether they\u2019re a business owner or a private citizen.<\/p>\n\n\n\n Ever received a dodgy-looking email from ‘your bank’? Or won a ‘competition’ where you just need to give some details to claim a grand prize?<\/p>\n\n\n\n Yeah? Then chances are that someone was trying to catch you out using social engineering.<\/p>\n\n\n\n In fact, it\u2019s such an effective technique that it\u2019s used in up to 90% of all data breaches<\/a>.<\/p>\n\n\n\n Cybercriminals love messing with your head. Why? Because it works.<\/p>\n\n\n\n The government know this. And they\u2019re trying to combat the problem.<\/p>\n\n\n\n In 2022, they published an 84-page, eight-year cyber security plan<\/a>. If you\u2019re struggling to sleep, then this page-turner is for you.<\/p>\n\n\n\n It is important, though. And combating social engineering attacks is one of their priorities.<\/p>\n\n\n\n But it\u2019s not just up to them. We all have to do our part. And a lot of it comes down to training yourself to spot these attacks before they affect you.<\/p>\n\n\n\n So let\u2019s delve into the world of social engineering and find out a few ways that you can protect your business against it.<\/p>\n\n\n\n <\/p>\n\n\n\n Social engineering isn\u2019t specific to cybercrime.<\/p>\n\n\n\n People have used it for thousands of years. In its most basic form, it\u2019s using deception and manipulation to get someone to reveal information or do something.<\/p>\n\n\n\n A good example of this in modern times is con artists. The movie \u2018Catch Me If You Can\u2019, anyone?<\/p>\n\n\n\n It just so happens that it\u2019s really effective online as well.<\/p>\n\n\n\n But why does social engineering work on us?<\/p>\n\n\n\n Well, a lot of the time it comes down to simply not expecting it. Our minds aren\u2019t prepared to be deceived so we don\u2019t look for the warning signs.<\/p>\n\n\n\n Sometimes it also targets our willingness to see what we want to see. Getting a perfectly timed email with just the sort of message you were waiting for makes it more likely you’ll fall for it.<\/p>\n\n\n\n It\u2019s a devious tactic. But how does it work in the world of cybercrime?<\/p>\n\n\n\n <\/p>\n\n\n\n There are loads of different types of social engineering attack. More than we could ever list here.<\/p>\n\n\n\n But knowing about the most common ones can save you a lot of trouble. So we\u2019ll focus on three that you can look out for.<\/p>\n\n\n\n <\/p>\n\n\n\n First, we have baiting. This uses a false promise to convince someone to buy in to it. Like a fake competition win or an inheritance.<\/p>\n\n\n\n There\u2019s even a physical form of baiting. A great example of this is a cybercriminal leaving a USB drive in a public area. They\u2019ll label it something enticing, like company payroll. When the unfortunate target puts it into their computer to check it, they\u2019re infected with malware<\/a>.<\/p>\n\n\n\n <\/p>\n\n\n\n Next, there\u2019s <\/strong>pretexting. Here, the attacker will gradually obtain information from someone by impersonating someone they know. Like a coworker, their bank, or even a family member.<\/p>\n\n\n\n Let\u2019s say they\u2019ve managed to hack your boss\u2019 email. They see that you\u2019re discussing payment transfers for a client. So they jump into the email chain, impersonating your boss. They then ask you to transfer money to a new bank account.<\/p>\n\n\n\n The critical thing here is that they\u2019ll copy your boss\u2019 email style. Like their sign-off and certain words they use.<\/p>\n\n\n\n <\/p>\n\n\n\n Finally, we have the crown jewel of social engineering: phishing.<\/p>\n\n\n\n Phishing is the most common form of social engineering and involves an attacker creating a version of a website. Common examples might be your bank or package delivery service.<\/p>\n\n\n\n In 2022, it was estimated that over 1.3 million<\/a> of these fake phishing websites were active on the web. And that a new one was popping up every 20 seconds<\/a>.<\/p>\n\n\n\n They then carefully craft an email or text that points to this website.<\/p>\n\n\n\n It might, for example, tell you that there\u2019s a problem with a recent payment. And then ask you to log in to sort it out.<\/p>\n\n\n\n Then, when you click on the link in the email you\u2019re taken to the fake website. Once you log in, the attacker has your password and they\u2019re off to the races.<\/p>\n\n\n\n Once they\u2019ve got your details, you might be in for a bit of trouble\u2026<\/p>\n\n\n\n <\/p>\n\n\n\n So, what happens after you\u2019ve fallen for a social engineering attack? Or one of your employees has?<\/p>\n\n\n\n Well, it depends on what information the attacker has gotten their hands on. The first thing you must do is report to the Information Commissioner\u2019s Office (ICO)<\/a> that you\u2019ve been breached.<\/p>\n\n\n\n You\u2019ll then need to speak to your data protection officer<\/a>, if you have one. They can help guide you through the process.<\/p>\n\n\n\n The long and short of it is, speak to an expert. Even if you think the breach was contained or nothing was stolen.<\/p>\n\n\n\n You\u2019re probably also wondering: \u2018how much is a successful social engineering attack going to cost my business\u2019?<\/p>\n\n\n\n It\u2019s difficult to pinpoint exactly how much. Average amounts vary wildly. It depends on a few things:<\/p>\n\n\n\n For smaller businesses, it could cost hundreds or even thousands of pounds to clear up the mess. Larger businesses face much higher costs, potentially hundreds of thousands or millions of pounds.<\/p>\n\n\n\n Rather than worrying about a successful attack, let\u2019s talk about prevention.<\/p>\n\n\n\n <\/p>\n\n\n\n Preventing social engineering attacks comes down to one thing: education and training.<\/p>\n\n\n\n At the end of the day, these kinds of attacks succeed or fail based on whether someone falls for them.<\/p>\n\n\n\n If you can educate and train yourself and your team, you\u2019ll lower your chance of falling victim to them.<\/p>\n\n\n\n One way to do this is by finding a good training provider<\/a>. They can help you get everyone up to speed.<\/p>\n\n\n\n Once everyone is trained, they can also run regular tests for you. This is where they\u2019ll send around a phishing email that they\u2019ve created. They\u2019ll then monitor how many people fall for it, so that extra training can be given to those who need it.<\/p>\n\n\n\n And if you are breached at some point, there\u2019s always cyber insurance\u2026<\/p>\n\n\n\n <\/p>\n\n\n\n At some point, you\u2019ll probably fall victim to a social engineering attack.<\/p>\n\n\n\n Mistakes happen. We\u2019re all human.<\/p>\n\n\n\n Cyber insurance<\/a> is the last line of defence. It helps to protect your business from the repercussions and financial problems you might experience after a breach.<\/p>\n\n\n\n It also:<\/p>\n\n\n\n For most policies, you’ll need to add on social engineering insurance (and financial cybercrime) as an extra. The same goes for business interruption, if you’d like some financial assistance while you’re recovering from a cyber-attack.<\/p>\n\n\n\n If you\u2019re unsure, read your policy wording carefully. Or ask your insurer or broker if you\u2019re covered for social engineering attacks.<\/p>\n\n\n\n <\/p>\n\n\n\n Social engineering attacks are tricky. Without the right training and support, it\u2019s easy to fall victim to these carefully crafted traps.<\/p>\n\n\n\n The way to combat them is to stay ahead of the game. As well as making sure your team are social engineering boffins, a cyber insurance<\/a> policy can save you when a mistake does happen.<\/p>\n\n\n\n Read more about cyber insurance and what it covers<\/a>. Or give us a ring at 0345 222 5391<\/strong> to chat with one of our expert advisers.<\/p>\n\n\n\n Image used under license from iStock.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" Cybercrime is a big problem in the UK. It costs our economy an estimated \u00a321 billion a year. And there\u2019s no bigger and more devious culprit in cybercrime than social engineering. It affects everyone. Whether they\u2019re a business owner or … Continue reading What is social engineering?<\/h2>\n\n\n\n
What are the different types of social engineering attack?<\/h2>\n\n\n\n
Baiting<\/h3>\n\n\n\n
Pretexting<\/h3>\n\n\n\n
Phishing<\/h3>\n\n\n\n
Tilting the scales<\/h2>\n\n\n\n
\n
Education, education, education<\/h2>\n\n\n\n
If all else fails\u2026<\/h2>\n\n\n\n
\n
Stay ahead of the game<\/h2>\n\n\n\n