Social engineering attacks and countermeasures
Vishing, or voice phishing, is when attackers use phone calls to manipulate individuals into providing sensitive information.
The countermeasures put in place are training employees to be cautious when asked for sensitive information over the phone.
Also use caller ID verification and call-back procedures.
Quid pro quo is when attackers promise a benefit in exchange for sensitive information or access.
Countermeasures are establishing policies against providing sensitive information in exchange for rewards.
Educate employees on the risks associated with such requests.
Baiting is when malicious files or links are offered to entice users into downloading or clicking on them, leading to malware installation or credential theft.
Countermeasures are training users to avoid downloading files or clicking on links from untrusted sources.
Also use security software to scan for and block malicious content.
Impersonation is when attackers pose as a trusted individual or authority figure to gain access or information.
Countermeasures are implementing multi-factor authentication to verify identities.
Also train employees to verify the identity of individuals requesting information.
Pretexting is when attackers create a fabricated scenario (a pretext) to obtain information from individuals.
Strict policies should be established for sharing sensitive information.
Encourage a culture of skepticism.
Train employees to validate requests for information through proper channels.
Tailgating or piggybacking is when someone gains unauthorized physical access to a restricted area by following an authorized person through.
This can be controlled by implementing strict physical security measures such as badge systems and access controls.
Encourage a culture of reporting and questioning unfamiliar individuals.
Phishing is when attackers send fraudulent messages, emails or websites, or impersonate trusted entities, to trick users into revealing sensitive information.
This can be countered by implementing email filtering and using anti-phishing tools.
Also, verify the authenticity of requests through multiple channels.
Educate users about recognizing phishing attempts.
Key countermeasures mainly:
1) Educate employees to ensure there is security awareness
2) Conduct assessments and security audits to identify vulnerabilities
3) Have a well-placed plan to respond to and mitigate the impact of social engineering incidents
4) Establish policies regarding the handling of sensitive information
