fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Social engineering attacks: 4 Ways businesses and individuals can protect themselves

Social engineering

What is Social Engineering?

Social Engineering is defined as the “psychological manipulation of people into performing actions or divulging confidential information”. It is a mode of manipulation to deceitfully gain access to another’s valuables, whether it be tangible and intangible stuff. 

In the context of cybersecurity, social engineering can be defined as an attack vector that relies on human interaction and often involves manipulating an individual into breaking cybersecurity procedures to gain unauthorized access to systems, networks, or private personal data.

According to the Singapore Computer Emergency Response Team (SingCERT), the following are the most common social engineering techniques:

1.    Phishing/ Spear Phishing. This is usually carried out by cybercriminals through sending emails with malicious links or attachments which have the distinctive trademarks of an organization that would make it appear legitimate. This is done so that the trust of the unsuspecting victims will be gained and fall under the attacker’s trap. 

2.    Pretexting. Here, the cyber criminals focus on creating a detailed fabricated scenario to steal the victim’s information. They usually come up with a story to trick the unsuspecting target to believe they need information to verify the victim’s identity. They do this by impersonating a government agency, a bank personnel, or even an IT help desk, so that it would appear that the inquiry for the victim’s personal information is legitimate.

3.    Baiting and Quid Pro Quo. Here, the cyber criminals exploit the victim’s curiosity, such as access to confidential information about major events, promise of reward or benefit, or use of freebies and gift certificates to entice the unsuspecting victim in giving their valuable information. 

According to SingCERT, 1 in 4 companies fell into business email compromise scams which involve initiating or intercepting communication of an employee who can release funds or conduct wire transfers. In the past year, Singapore has been targeted the most across Southeast Asia. 

Also Read: National Cybersecurity Awareness Campaign of Singapore: Better Cyber Safe than Sorry

How can businesses and individuals protect themselves from social engineering attacks?

To address this situation, a set of guidelines was issued by the Monetary Authority of Singapore which aims to protect users of electronic payments from fraud, errors and security threats, as part of Singapore’s cashless push.  However, as this incidents continue to happen, how can individuals and businesses prevent it from happening? Here are four (4) ways businesses and individuals can use to protect themselves from social engineering attacks:

1. Awareness Campaigns. Companies must see to it that all employees, especially those who are responsible for payment transfers, must be aware of the risk, importance, and presence of such a scam employed by cyber criminals.

2. Establish an internal process in transferring payments. Companies must have a system when it comes to transferring payments. A step-by-step process must be followed to verify further the recipient and to avoid loss.

3. Training for accountants.  Those who handle transfers should have ample training and knowledge in verifying payment credentials. One must also have a system to follow in case there is suspicion upon those persons who claim to be a CEO or the legitimate receiving end.

4. Prepare a worst-case scenario protocol. In the event that there is a successful occurrence of a social engineering scam, the security team must have the necessary steps to do to avoid further losses.

Businesses and individuals must be vigilant in spotting potential scams with those who request payments. One must have the diligence in making sure that the payment credentials are legitimate or else carry the loss of being one of those unsuspecting victims. Social engineering scams are rampant nowadays and there are documented cases that companies must learn from. It is on their hands to use and learn from these past mistakes to prevent them from being part of a statistics.

Also Read: Compliance With Singapore Privacy Obligations; Made Easier!

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us