Five Ways to Spot a Social Engineering Attack

Oct 12, 2017 | First Person

By Joy Beland, president of Pink Hat Technology Management and member of NAWBO-Los Angeles

As featured on

“I’m not going to make payroll—we’re going to close our doors as a result of the fraud.”

Unfortunately, that statement is becoming more common among smaller businesses, according to Mitchell Thompson, head of an FBI financial cybercrimes task force in New York. But don’t take a stranger’s word for it—one of my longtime friends and colleagues had this happen to his non-profit last year. It was a $40,000 mistake that they are still recovering from.

The FBI reports that since October 2013, more than 12,000 businesses worldwide have been targeted by social engineering-type cyber scams, netting criminals well over $2 billion. And those are just the reported cases. Often, due to customer relationships, PR or other concerns, incidents go unreported.

These unfortunate events were triggered by a particularly nasty form of cyberattack known as “social engineering.” Social engineering is a method cyber con artists use to lure well-meaning individuals into breaking normal security procedures. They appeal to vanity, authority or greed to exploit their victims. Even a simple willingness to help can be used to extract sensitive data. An attacker might pose as a coworker with an urgent problem that requires otherwise off-limits network resources, for example. They can be devastatingly effective and outrageously difficult to defend against.

The key to shielding your network from this threat is a keen, ongoing awareness throughout your organization. To nip one of these scams in the bud, every member of your team must remain alert to these five telltale tactics:

The problem with social engineering attacks is you can’t easily protect your network against them with a simple software or hardware fix. Your whole organization needs to be trained, alert and vigilant against this kind of incursion.



Skip to content