Social Engineering & Online Scams

social-engineering

TechViews News   …..

It’s no secret that hackers use their technical expertise to attack computer systems and compromise sensitive data.

This type of malicious cyber hacking makes news all the time. However, a social engineering attacker uses different tactics to skirt security protocols, often exploiting one weakness that is found in every company and every home, humans.

In other words, using phone calls and other means of communication, these hackers trick people into handing over sensitive information.

Social engineering is a term that encompasses a broad spectrum of malicious activity so I want to share with you the top three methods of social engineering that attacks people and companies, focusing on human errors to give them the information they want.

Pretexting. This form of social engineering focuses on creating a good pretext or fake scenario, where the bad guy tries to steal the victims’ personal information.

In these types of attacks, the scammer usually says they need certain bits of information from their target to confirm their identity. In actuality, they steal that data and use it to commit identity theft or to stage another attack.

For example, an attacker might impersonate a company’s IT services employee so that they can talk the company’s physical security team into letting them into the building.

Or gain the trust of an elderly homeowner in order to get information that might access his/her bank accounts or Social Security records.

The goal of a pretexting attack is to build a false sense of trust with the victim. This method requires the attacker to build a credible story that leaves little room for doubt on the part of their target.

The best way to avoid this is to always verify who is calling you and asking for detailed information.

If your company’s HR calls you to ask personal details, you should politely tell them you will call them back and then call the phone number you have for your HR to make sure it was them actually calling you in the first place. Or, you can say you want to come by their office and share this information with them in person.

Phishing. This is the most common type of social engineering attack that occurs today. The main goal of phishing attacks is to obtain personal information such as names, addresses and Social Security numbers.

In short, these criminals use shortened or misleading website links that redirect users to websites that are really phishing landing pages. These malicious links are often delivered in e-mails or text message to the victims, and many contain spelling or grammar errors.

However, they all have the same goal of using fake websites to steal user login credentials and other personal information.

A recent phishing campaign used a compromised email account to send out fake emails. The e-mails asked recipients to review a proposed document by clicking on an embedded URL.

That URL redirected users to a phishing page impersonating a Microsoft Office 365 login portal where users were duped into providing their login information.

The key to preventing this type of attack is to never click on a link that you aren’t familiar with or that doesn’t come from a trusted source.

Quid Pro Quo. These types of attacks promise a benefit in exchange for information. This benefit usually assumes the form of a service or gift of goods.

One of the most common types of quid pro quo attacks that have come out in recent years is when fraudsters impersonate the Social Security Administration.

These fake SSA personnel contact random individuals, inform them that there’s been a computer problem on their end and ask that those individuals to confirm their Social Security Number, all for the purpose of committing identity theft.

In similar cases, malicious actors set up fake SSA websites that say they can help users apply for new Social Security cards, but instead, simply steal their personal information.

Criminals who engage in social engineering attacks prey off of human psychology and curiosity in order to compromise their victim’s information.

With the human element being the key, it is up to companies and individuals to educate themselves on how criminals will try and trick them to get personal information.

Be Safe – Backup Your Data Regularly!

**********

And don’t forget to take advantage of our FREE subscription to the TechViews News Updates. You will receive all of our updates and posts the moment they are published.