Pay extra attention to social engineering!
Sweden will soon make a decision on the NATO issue, which increases the likelihood of Sweden and organizations being exposed to various types of cyberattacks. We at GDM have increased preparedness regarding the increased external threats and also want to encourage others to be extra attentive to attempts at social engineering.
Here we have collected some examples of this type of attack and things to consider that everyone needs to take into account:
- Emails asking you to click on links, make changes to your environments or provide sensitive information. If you are in any doubt, don’t do it, consult a colleague or contact your IT support.
- In some cases, you may also be offered compensation for answering a survey, for example. Always consult your manager if you are considering this.
- Phone calls from customers, authorities or others asking you to make changes to your environments or provide sensitive information. Always ask for a return call* to confirm that the person is who they say they are or refer the person to e.g. a manager or other responsible person internally.
- Orders asking you to make changes that affect the security of your environments.
- Some external person or persons you do not recognize ask you to let them into the premises. In this case, you should always accompany them to the person they are looking for or while they are on the premises.
- Should you do something that you later suspect may have been wrong, contact your manager or IT support so that the issue can be addressed.
*Counter-calling means that if, for example, someone calls and says they are from the police, you ask to counter-call and describe why. You then call the police switchboard and say that you are calling back to confirm the person’s legitimacy. Ask to speak to the caller and what he/she wanted to talk about and you will be connected to them.
