It’s easier for cybercriminals to hack a human than to hack a company network. That is why a cybercrime technique called “social engineering” is so popular with scammers.
Social engineering takes advantage of our human instinct to trust people and companies. In fact, qualities that Carnival UK values most as a culture – integrity, trust and respect for each other – are the same virtues cybercriminals try to exploit.
Social Engineering: how it works
Social engineers research potential victims – their behaviours, likes and dislikes – then use that information to customize a scam to trick them. It’s essential to be vigilant when it comes to unsolicited emails, especially any urging you to change your password or confirm personal information. Always double-check the identity of emailers and the validity of their requests, especially before disclosing confidential information such as:
- Names, birth dates and postal addresses
- Government-issued identification numbers
- User IDs and passwords
- Credit card and bank account details
- Financial and tax statements
- Sensitive, proprietary business information
Protect yourself from Social Engineering attacks
Cybercriminals will do whatever it takes to steal sensitive information, targeting victims with email, phone calls, text messages, social media sites, websites – and even in-person interactions. Look out for these forms of scam:
Email scam: Scammers pretend to be co-workers or trusted company representatives, sending professional-looking emails that seem legitimate but are not.
Your defence:
- Avoid clicking on links or buttons in unexpected emails
- Don’t open or download attachments in suspicious emails
- Beware of unexpected emails urging immediate action; instead, search the company online and contact them directly
- Report all suspicious emails by emailing: Phishing@Carnivalukgroup.com
- Once Outlook is deployed, we’ll have a ‘Submit a Phish’ button on the Outlook toolbar, making it even easier to report suspicious emails
Telephone scam: Scammers impersonate guests, fellow operating company employees (from other Carnival Corporation brands) or familiar companies to convince victims to act quickly on a demand.
Your defence:
- Never disclose your user ID and passwords
- Always verify a caller’s identity before providing any information
- Never provide your credit card details unless you initiated the call
- Avoid leaving voicemail messages containing sensitive information
Online scam: Scammers create mock company websites or fake online profiles to disguise the scam.
Your defence:
- Double-check the origin of all URLs and do not click on any that seem fishy
- Be careful about accepting unsolicited professional or social network requests
- Verify the authenticity of any detailed requests about our organization
- Keep in mind that websites and online profiles may not be legitimate
In-person scam: Scammers gain access to secure workplaces by following employees through doors or masquerading as co-workers.
Your defence:
- Don’t let a stranger follow you into a controlled area
- Confirm the identity of delivery people, technicians, unescorted guests, etc.
- Keep your workplace clear of sensitive materials
- Store valuables – including mobile devices – in a safe place while away from your work area
- Shred or discard sensitive information in secured recycling bins
For more information, follow up here.