4 Types of Social Engineering Attacks to Watch Out For

By Dan Buschbacher, RPLU MLIS
Oct 17, 2022

Cyber liability exposure is a risk for nearly every business. Small businesses have become increasingly attractive to hackers. Small business owners usually lack the time, knowledge, and budget to secure their data.

Companies must have a sense of urgency when it comes to phishing scams created by bad actors. While you can’t prevent human error, you can set up security policies.

Let’s explore more about social engineering attacks and how your small business can build a positive security culture.

What is Social Engineering?

The International Risk Management Institute defines social engineering as the following:

 

"The art of manipulating people in an online environment, encouraging them to divulge—in good faith—sensitive, personal information, such as account numbers, passwords, or banking information."

 

Social engineering also includes the "engineer" requesting a wire transfer from a victim who believes the request comes from a financial institution or prior business relationship. The victim learns later that their money has landed in the account of the "engineer."

4 Types of Social Engineering Attacks


Cybercriminals use different methods to deceive you. Let’s review four common types of social engineering threats and the warning signs to be mindful of.

1. Phishing

Malicious email messages trick individuals into clicking malicious links, opening infected attachments, or sending financial payments. The emails appear to be sent from reputable sources, but they are really from cybercriminals.

2. Smishing

Messaging attacks are geared towards persuading individuals to click malicious links. They can happen via SMS, texting, or other messaging platforms. Smishing messages are more informal and personal than phishing emails, so it’s easier for individuals to become victims.

3. Spoofing

Spoofing is the fraudulent representation of information communicated through phone calls, email accounts, and websites. It allows cybercriminals to modify web pages sent to individuals and observe information entered by victims, like credit card details.

4. Brushing

Online vendors use personal information, like a name or home address, to create fake orders, send unsolicited merchandise, and write fabricated positive reviews in the recipient's name.

Small Businesses and Social Engineering Attacks

According to the 2022 Data Breach Investigations Report, ransomware for small businesses has continued its upward trend with an almost 13% increase this year.

So, why do cybercriminals attack small businesses when large businesses have deeper pockets? It's all about controls. Small business owners have to wear many hats, from sales to account management to HR coordinator.

Being spread thin means controls tend to take a backseat. But just like how you wouldn't get up on a roof without a safety harness, you can reduce the chances of catastrophic injury, financially in this case, by taking a few risk avoidance steps.

How Small Businesses Can Avoid Being Victims


To avoid cyber threats, be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.

  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
  • Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information, including clicking links sent in the email.
  • Do not send sensitive information (like login credentials) over the Internet before checking a website's security.

Pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with "HTTPS" rather than "HTTP", an indication that the connection to the site is secure. Also, look for a closed padlock icon, a sign your information will be encrypted.

 

If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use the contact information provided on a website connected to the request.

Install and maintain anti-virus software, firewalls, and spam filters. Take advantage of any anti-phishing features offered by your email client and web browser. Plus, use multi-factor authentication to protect your business.

And just like when you get up on a roof, pick up an insurance policy designed to protect you when things go wrong. Invest in a Cyber Liability policy with a Social Engineering extension and sub-limit. Here’s a cyber insurance coverage checklist.

Sticking to the topic of everyday cyber exposures, let’s discuss the Internet of Things (IoT).

What is the Internet of Things?


Amazon Web Services defines the Internet of Things as:

“The collective network of connected devices and the technology that facilitates communication between devices and the cloud, as well as between the devices themselves.”

So, what does this mean?

Do you have a Ring doorbell? A Nest thermostat? Or maybe an Alexa in the living room?

It’s all the connected devices around you and on your person that communicate with each other and the web. Just looking at my home office desk, I have a smart bulb in the light, a smart speaker, and my watch.

If I went into the kitchen, I have even more smart devices like the thermostat and vacuum. Small businesses have a similar setup.

All of this convenience doesn't come without risk. Each one of these devices is a little data collector and many have microphones that are passively listening. And each one with its IP address can be an access point to your network.

A cybercriminal can get unauthorized access to your bank account passwords shared with your digital assistant. Hey Siri, please broadcast my social security number across the web.

They can get into your network through one of these devices and launch a ransomware attack, making your business network useless until you pay for access. They can also use your devices as bots to deliver computing power for a DDoS attack.

There have already been high-profile stories of hackers getting access to customers’ personal information. In 2015, cybercriminals hacked Jeep to access everything from steering to acceleration to braking; 1.4 million vehicles were affected. Imagine driving and suddenly someone else takes control of your car.

IoTs and Protecting Your Small Business

The number one thing you can do is use strong passwords. A password manager can help because it can create random passwords for devices and websites. It will save your passwords for access under one master password. So, you have to remember less and get better security too.

Change the default settings on your business router. Hackers are looking for open networks and networks with the names of the router manufacturer because those are the easiest to gain access to.

Start using guest networks. Share your high-speed internet with customers on a specific network. They can't access any of your business files. If your guest's mobile device becomes compromised, you don't have to worry about downstream impacts.

Use a robust encryption method, like WPA, for your Wi-Fi access. And of course, pick up a Cyber Liability policy for when things go wrong.

Prepare for Social Engineering Attacks

Your small business can’t completely avoid social engineering attacks. The key is to prepare in advance with a cybersecurity strategy. So, contact your insurance agent and tell them to get you a Pathpoint quote today.
