-1240-410.png)
Social engineering, have you heard of it? Chances are that this term is unfamiliar to you, but you have had to deal with it before. It is an increasingly common threat aimed at human interaction and manipulation.
How does social engineering work?
In this form of manipulation, criminals try to trick you into revealing confidential information. Using psychological tricks, they try to gain your trust so that you reveal sensitive information such as passwords, financial data or trade secrets. They play on emotions by, for example, making you curious, gaining trust, instilling fear or capitalising on your ignorance.
What forms of social engineering are there?
Phishing
This is the most common form of social engineering. Cybercriminals pose as a trusted party with the aim of obtaining sensitive information such as usernames, passwords and credit card details. This is often done through emails, (WhatsApp) messages or websites that look legitimate but are actually deceptive. You are then usually urgently called to action, such as opening a link, updating account details or helping a family member. This is how the cybercriminal gains access to your account.
Spear Phishing
In this targeted version of phishing, cybercriminals target specific individuals or organisations. They use personal information to make the attack more credible. They can gather this information by monitoring your social media for a while, for example. Do you have a public social media profile? Then be aware of what you share!
Pretexting
In this process, the attacker invents an excuse (pretext) to gain access to sensitive information. This could include a phone call from someone posing as an IT employee asking to confirm login details.
Baiting
In baiting, a 'bait' is used to lure victims. This could, for example, be a USB stick left in a public place. As soon as someone plugs this USB stick into their computer, malicious software is installed.
Tailgating
In this physical form of social engineering, a criminal can enter a secure building without permission simply by walking in with someone. This could include someone kindly asking if you can open the door because they have their hands full with boxes or files. Or criminals who dress up as a service (such as IT or mail carrier) to enter via that way.
How to avoid social engineering
Be alert
Is the communication unexpected and does it ask for personal or sensitive information? Then handle this with care, even if it seems to come from a known source. Always check the sender and check if the request is legitimate. You can do this by sending a message or calling the person to check. Especially with an unexpected request, it is always good to be extra alert to this.
Don't click anywhere
Never just click on links or open attachments in suspicious e-mails. Move your mouse over the link and you will see the real web address before you click on it.
Use strong password policies and 2-Factor Authentication
Make sure your passwords are strong and unique for each account. Where possible, use a password manager to store your passwords securely. Read how to adopt a rock-solid password policy here. Protect accounts better with two-factor authentication (2FA). This is a security method for identity and access management.
Do not share sensitive information
Never disclose personal or sensitive information via e-mail, phone or other unsecured channels unless you are sure the request is from a legitimate source.
Report suspicious activity
Notice any suspicious e-mail or activity? As a member of Royal FloraHolland, you can make a report. Report any suspicious activity immediately to us Royal FloraHolland's cybersecurity team by emailing datalekken@royalfloraholland.com. Your alertness can help prevent potential attacks.
What are we doing towards a secure digital platform
Working with Royal FloraHolland, Floriday is looking to provide users with a secure digital platform. Which is why we are investing in an environment that is resistant to attack from cybercriminals. Royal FloraHolland is therefore one of the original founders of the Greenport Cyber Resilience Centre, where we are working with the entire sector on cybersecurity. We also offer growers and buyers a Royal FloraHolland Cyber subscription free of charge, to learn more about the subject and help with tips and advice.
There is a free monthly cyber consultation session especially for members of Royal FloraHolland (second Tuesday of every month). You can sign up here.