Social Engineering: How Humans are Hacked

 

The easiest way to hack an IT system is by manipulating a user, rather than a machine. Social engineering allows hackers to gain access to data, systems, or buildings by exploiting human psychology. Cybercriminals can carry out social engineering attacks on the internet, over the phone, and in person.

Social engineering hackers exploit their victims by appealing to these emotions:
• Fear
• Urgency
• Laziness
• Curiosity
• Sympathy
• Greed

 

Types of social engineering attacks:

• Pretexting: The hacker will pretend to be someone you know, such as a co-worker. For example, the hacker may use an email address similar to the co-worker's, and then urge you to look at their attached spreadsheet report immediately. Unfortunately, the spreadsheet is embedded with malware, which will launch as soon as the file is opened.
• Phishing: The hacker, posing as a legitimate organization, will urge the user by email to take action quickly, such as entering login credentials on a data-stealing portal. For instance, a recipient could be asked to verify their bank account information by clicking on an official-looking email, and then entering their account number and PIN into the hacker's fake portal.
• Vishing: Similar to phishing, but the hacker contacts the victim by phone instead. The hacker can pretend to be a co-worker who urgently needs the login information for client management software.
• Scareware: Hackers will trick their victims into thinking their computer is infected with malware or that they downloaded illegal content. The hacker will then provide the victim with a bogus fix and collect a fee for the service.
• Quid Pro Quo: Hackers will encourage users to divulge private information in exchange for prizes or discounts. The information collected, such as birthdates and passwords, is used to commit fraud and steal your money.
• Baiting: The hacker will leave external storage media, such as a USB drive or CD, where someone can easily find it. The media may have an enticing label, such as employee salary information. The user will then load the media onto their computer and unknowingly install malware.
• Tailgating: The hacker will lurk outside in an employee hangout spot, such as a smoking area, and start talking to a group. When the group moves back into their secured building, the hacker will follow them inside. The hacker may even have a stolen or counterfeit badge they can use to enter offices and snoop through company assets.

How can I protect myself?
• As always, make sure to inspect links closely in emails and text messages. Also, don’t open unexpected attachments, especially from unknown senders.
• If you get a random request for personal information, follow up with the source through a different communication method. For example, if you get an email from a co-worker to wire money to a vendor, follow up with a phone call.
• Don’t call support phone numbers from random browser pop-ups. Close the browser to get rid of the message. If you have any doubts, call SwiftTech Solutions.
• Don’t let anyone follow you inside a secure building unless you know they are a fellow tenant. Let them know you can’t let them in because of the building’s security policy, and that they should contact the company they are visiting in order to gain entry.
• Make sure desktop and mobile devices display a lock screen after five minutes of inactivity.
• Make sure to keep your social media accounts private and be careful about accepting friend requests from people you don’t know.
• If you use an ID badge to enter the building, keep it with you at all times throughout the work day. If you lose the card, you’ll need to report the incident immediately to the issuing party, such as Human Resources or the building management.
• Trust your instincts. If something feels off, chances are you are correct.
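The pretexting entry above describes a sender address that is only similar to a co-worker's. The following added example (not from the original article) shows one way a mail filter could flag such near-matches. The address book, the `example.com` domain, the character-folding table, and the distance threshold are all assumptions chosen for illustration.

```python
import unicodedata

# Constructed address book; example.com is a placeholder domain.
KNOWN_CONTACTS = {"jane.doe@example.com", "sam.lee@example.com"}
# Digits often swapped for letters (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(addr):
    """Lowercase, strip accents, and fold common look-alike characters."""
    addr = unicodedata.normalize("NFKD", addr.strip().lower())
    addr = "".join(c for c in addr if not unicodedata.combining(c))
    # "rn" and "vv" render much like "m" and "w" in many fonts.
    return addr.replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(addr, known=KNOWN_CONTACTS, max_distance=2):
    """Return ('known' | 'lookalike' | 'unknown', matched contact or None)."""
    raw = addr.strip().lower()
    if raw in known:
        return ("known", raw)
    folded = normalize(raw)
    for contact in sorted(known):
        # A near-match that is not an exact match imitates a real contact.
        if edit_distance(folded, normalize(contact)) <= max_distance:
            return ("lookalike", contact)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ["jane.doe@example.com", "jane.d0e@example.com",
                   "jane.doe@exarnple.com", "billing@vendor.test"]:
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result is a reason to confirm the request through a different channel, as the list above advises, not proof of an attack.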

If you’ve been scammed by social engineers already:
• Contact SwiftTech Solutions immediately for assistance. Call 877-794-3811 or email us.
• Call your bank and credit card companies to report any fraudulent charges.
• File a complaint with the Federal Trade Commission (FTC). Email your information to the FTC.

To learn more about our IT services, contact us at 877-794-3811.

 
