Cyber criminals using social engineering have scammed over 12,000 companies the world over since October 2013, according to the FBI. These criminals have taken over 2 billion dollars. Most people who fall victim are too embarrassed to go public and tell the authorities because their customers or clients may find out. So, these are just the reported cases; the tip of the iceberg.
Social engineering, the modern confidence game, is comprised of five methods that cyber criminals use to convince honest people to ignore normal security procedures. They exploit their victims by appealing to vanity, authority or greed to extract sensitive data. An attack might come from someone pretending to be a coworker with an urgent problem that must be solved immediately by accessing otherwise off-limits network resources, for example.
“I’m not going to make payroll – we’re going to close our doors as a result of the fraud.”
This statement is unfortunately becoming more and more common among smaller businesses and nonprofit organizations, according to Mitchell Thompson, head of an FBI financial cybercrimes task force in New York.
It is difficult to defend yourself against these traps. You want to know how to avoid them.
Spreading vigilance and awareness throughout your company is the foundation for protecting your system from these threats. To be sure it never even happens to your business, all of your team members must remain ready to act in the face of these five telling tactics:
- Phishing – Phishing is a tactic that uses a fake e-mail, chat or website that looks like the real deal. A bank (e.g. Bank of America) or other well-known entity (e.g. PayPal, eBay, etc.) may be asking to “verify” your login info. In another scenario, a hacker sends a plausible-looking message claiming you are “a prizewinner” and then requests your banking information so that they can deposit your winnings. Lastly, there may be a heart-wrenching request for a donation from some charity following a natural disaster. For the unsophisticated and trusting among us, these plots can be subtly effective.
- Pretexting – Similar to phishing, pretexting is when someone role-plays a person you’d expect to trust or someone in authority to get you to give up login data. This might be a fake IT support person who says maintenance is required…perhaps an auditor examining the company’s records. Others in dependable roles might be law enforcement, the IRS or even someone purporting to be on the janitorial staff, using phony identification to gain access to your network.
- Baiting – The baiting attacker uses the “carrot-on-a-stick” approach that gets his victim to act. An example is something like a movie or music download. It could also be a USB flash drive complete with company logo, labeled “Executive Salaries & Negotiations 2016 Q1,” left where a curious mark can easily find it. After the files are downloaded or the USB drive is plugged in, the computer has become an open door for the criminal.
- Quid Pro Quo – A let’s-make-a-deal scammer might offer to trade some swag for just a little bit of information. It could be a baseball cap, or the code to an online game or service swapped for login credentials. Maybe it’s a researcher who wants your password as part of a trial with a $100 reward for you to get it done. Ask yourself this: “Is it just a little too shifty or way too good to be true?” If the answer is “yes,” then either immediately decline or close out the window.
- Tailgating – If you’ve ever been followed into a restricted area, at your workplace or on your computer, your shadow may be a tailgater. Take that business-casual clad person who sheepishly says they left their company RFID card at home and asks whether you would let them enter the building with you. Maybe another innocuous someone wants to borrow your laptop or computer just to do something “real quick,” which might be installing malware.
Those are just a few examples. But they tell you that you can’t insulate yourself or your company against social engineering attacks with technology alone. To do this effectively requires an all-hands-on-deck posture. Everyone is a target. Obviously, that means everyone must be schooled to prevent these tactics from working. After all, you can’t be on guard unless you know what you’re guarding against.
Start to protect yourself from social engineering and other cyber threats by obtaining our recent special report on this critical topic:
The Top 10 Ways Hackers Get Around Your Firewall & Antivirus to Rob You Blind
The threats out there could put you in a world of trouble that’s too expensive to get out of. Everything you’ve worked hard for is at risk. We know how to help and save you money in the long run. Call us at 818-528-5600, or e-mail me directly at firstname.lastname@example.org and get a copy of this crucial guide today–before you have a sad social-engineering story of your own to tell. StillPoint Systems – www.stillpointsystems.com