Anatomy of a social engineering scam
A convincing social engineering scam which targeted Centrify employees in 2014 and 2015 can be avoided if companies take steps to carefully check emails which ask for money transfers, says CEO Tom Kemp.
Sourced through Scoop.it from: www.computerworld.com.au
Social engineering is the most successful method to breach security. Again, and again you read about it in the news. Some simple ways to minimize the risk:
1. Never send orders, wire transfer instructions over a public channel like email. Use an internal system/app for that.
2. All transactions should be multi-factor authenticated.
3. Be paranoid. If it looks out of the ordinary, call and verify
4. Keep the employees on their toes. Set up a breach bounty program where you do unannounced tests of their alertness, and give bonuses to the ones that catch the bogus mail.