Social Engineering

Social Engineering is a way that people use normal social interactions to manipulate people to breach security. It isn’t limited to any technology or system, it can be conversation, texting, body language, or email.

The goals of Social Engineering are typically sensitive or personal information, but it can be used to access secure systems. Social Engineering is used for fraud, identity theft, or can be the prelude to a more serious hack.

Usually Social Engineering plays on a person’s expectations and emotions. Sometimes it means a person is pretending to be a delivery person, or they could pretend to be frazzled and running late. They play on our gut reactions in order to bypass our reasoning.

There is no single technology or strategy that can defend against social engineering. Each person is the front line against this kind of intrusion. The critical element to protect yourself and your organisation is critical thinking.

How to Avoid Being a Victim?

Keep your eyes open and ask yourself questions:

  • If someone wants to enter your house, ask yourself if this is really a secure situation? Are you expecting maintenance or a delivery? Is this person from the company that you’d expect?
  • Why is someone asking about details about your work? Is this information that could be used maliciously?
  • How is this person making me feel? Am I feeling sorry for this person who forgot their keycard? Am I feeling intimidated by this bigshot who demands access and information? Am I feeling like I owe this friendly stranger in the cafe?
  • Does this person really have authority? Have I actually seen any of their credentials?
  • Does it make sense for me to be using my financial information in this situation? Am I dealing with a verified and trusted entity?
  • Am I communicating in a secure way? Is this connection secure? Can I be overheard?

These questions might give you a sense that something is off about a situation. Be diligent and double-check information. Verify information with a trusted third party. Don’t take everything at face value.

What to do if you think you are a victim?

  • If you believe your financial accounts have been compromised, contact your financial institution or credit card company immediately. Watch for any unexplainable charges to your account.
  • Document the situation, report the attack to the police and file a report.
  • Check your credit report with:

Equifax Canada

Trans Union Canada

If you believe you might have revealed confidential or sensitive information about your organization, report it to the appropriate Security or Privacy people within your organization.


What additional steps can you take to protect your privacy?

  • Do business with credible companies – Before supplying any information online, verify the credibility, security and integrity of the company.
  • Do not always use your primary email address online. Consider creating an additional email account.
  • Avoid using debit cards for online purchases – Credit cards usually offer some protection against identity theft and may limit the monetary amount.


Resources

Understanding Social Engineering

Welcome!


If you are reading this guide, you are about to embark on a process that will help your organization harness the potential of technology to deliver your mission and best serve your community. Proactively planning for technology is about more than replacing old computers (although that might be part of your plan!). This process will help your organization fundamentally shift the way you approach technology investments toward greater mission achievement and community impact. It will identify opportunities for technology to help you control costs, reduce risk, raise funds, and empower staff.


Strategic technology planning – much like any strategic planning process – is a comprehensive look at the current state and the desired future state for your organization. If you just need some new computers, this may not be the right process. But if you are ready to treat technology as a mission-critical investment that can accelerate your organization’s impact, you are in the right place! Your nonprofit has much to gain from appropriately integrating technology into your operations, communications, fundraising, and service delivery. This guide offers step-by-step support to help you lead your organization through technology planning, resulting in a roadmap to smart technology use.



Acknowledgements


This guide has been produced through the generous support of the Rasmuson Foundation, a private foundation that works as a catalyst to promote a better life for Alaskans. Learn more at www.rasmuson.org. It was written and edited by Lindsay Bealko of Toolkit Consulting, who helps mission-minded organizations design creative communications, engaging education, and powerful programs. Learn more at www.toolkitconsulting.com.


Special thanks to Orion Matthews and Jeremiah Dunham of DesignPT for their substantial contributions to and reviews of this guide to make it as useful as possible to nonprofit organizations who are ready to harness the strategic potential of technology. Learn more and request help with your strategic technology plan at www.designpt.com.


Please help us improve our website by providing your feedback