Social Engineering Prevention
The most effective way to prevent damage from social engineering attacks is to educate users. Users must be able to recognize and respond to these attacks properly.
- Users should not automatically believe everything they see, hear, or read, particularly on the Internet.
- Organizations should implement security policies and train users to follow them.
- Users should report possible attacks.
- Users should not give out passwords over the phone or in email.
- Users should not comply with phone or email requests for personal or company information or access to company resources.
- Users should transfer phone callers who make unusual requests to a system operator.
- And, above all, users must employ common sense. If anything sounds forced, too good to be true, or otherwise unusual, it is best to err on the side of caution.
Figure: Social engineering prevention.