Social engineering is a technique used to effectively infiltrate an organization undetected by gaining the trust of those who work there.
To gain trust, cybercriminals may call or email an individual, impersonate a “real” business, and use technical, interpersonal, and psychological methods to acquire financial and personal information, such as login credentials, credit card numbers, bank account numbers, and social security numbers.
These types of social engineering attacks may only be the beginning phase of a much larger attack. A cybercriminal could trick a victim into sharing their employee username and password, then use that same login information to plant ransomware on their employer’s network. Social engineering scams could put employees, contractors, and the network at risk.
According to IBM’s 2023 Cost of a Data Breach (ibm.com/downloads/cas/E3G5JMBP), the average cost of a social engineering attack is $4.76 million.
Here is a list of best practices that can help avoid a social engineering attack:
n Limit. Be careful sharing information online about your family, job, or other personal details.
n Verify. If you receive a request for information, make sure the person or company is legitimate. Never send information if you have any doubts.
n Report. If you suspect you are being targeted on your USPS-issued device, immediately call the Cybersecurity Operations Center at 866-877-7247 or send an email to CyberSafe@USPS.gov.
Visit the CyberSafe at USPS® Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber) pages for more information, as well as the Monthly Awareness Campaigns page at blue.usps.gov/cyber/communications.htm.
— Corporate Information Security Office,
Chief Information Security Officer, 5-2-24