When Sophos Phish Threat was released in January, we pointed out that:
- Email remains one of the most problematic sources of infection; and
- It’s the ordinary, well-meaning people who often let poisonous emails into their organizations.
Sophos is the same as any other business – we need to keep our employees (and the company) safe, while at the same time we need to give people the freedom to do their jobs.
Our employees want to be helpful, perform well, and give good support to their co-workers, clients and customers. But good nature is exploitable and it’s those easy-to-exploit characteristics that social engineers seek to tap into.
As an attacker, it’s usually easier to try and push past a human than to try and push past a machine. Unless we understand the tactics and techniques of cybercriminals, people may well fall prey to attacks and put the company at risk at the same time.
Welcome to our What is… series, where we turn technical jargon into plain English.
Social engineering is a key part of criminal activities, often an important step in phishing campaigns. But what is social engineering, exactly?
Social engineering is the act of manipulating people into taking a specific action for an attacker’s benefit. You might think it sounds like the work of a con artist – and you’d be right.
Since social engineering preys on the weaknesses inherent in all of us, it can be quite effective. And without proper training it’s tricky to prevent.
If you’ve ever received a phishy email, you’ve seen social engineering at work. The social engineering aspect of a phishing attack is the crucial first step – getting the victim to open a dodgy attachment or visit a malicious website.
In celebration of April Fools’ Day, we decided to have a little fun with the staff at our global headquarters in Abingdon, UK. Lots of us participated in the joke — whether knowingly or not — but it was fun and came with some positive lessons.
Our little prank involved setting up an exercise bike in one of our lifts (that’s an elevator, for all you Americans) and telling everyone they needed to pedal the bike to make the lift go.