Five Types of Social Engineering Scams to Know

Friday, November 4th, 2016 by Bahador Jamshidi

Orlando Network Security Consultant Company

CYBERSECURITY: technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

In a recent report from AT&T, 63% of businesses acknowledged they experienced some sort of a cyber attack. In 2016, these incidents have become even more common. For today’s companies, falling victim to one of these attacks is no longer a question of “if” but “when.”

Today’s employees are connected to the Internet all day every day, communicating with colleagues and stakeholders, sharing critical information and jumping from site to site. With hackings, data breaches and ransomware attacks on the rise, it is essential for all companies to plan for the worst, with mandatory cybersecurity training for all employees and with the recommended solutions for mitigating the risks. Today’s data threats don’t discriminate; businesses of all sizes are susceptible to attacks. However, small to medium-sized businesses (SMBs) are often less prepared to deal with security threats than their larger counterparts. The reasons for this vary from business to business, but ultimately it comes down to the fact that SMBs often have fewer resources to devote to cybersecurity efforts.

This series of posts contains practical advice and easy tips for training employees on cybersecurity and industry best practices, with real-world examples. We also outline the essential solutions designed to help today’s businesses defend against and recover from a cybersecurity incident.

In 2016, it has been estimated that roughly 80% of U.S. companies have suffered a cyber attack of some kind, with 47% experiencing a “ransomware incident.” At the root of the majority of ransomware attacks is the tactic of social engineering, leveraged by hackers, which involves manipulating a person or persons in order to access corporate systems and private information. Social engineering plays into human nature’s inclination to trust. For cyber criminals, it is the easiest method for obtaining access to a private corporate system. After all, why would they spend the time trying to guess someone’s password when they can simply ask for it themselves?

Let’s help employees help themselves. Below is a quick and dirty overview of today’s most common and effective social engineering scams. This is the list to hand employees on their very first day. Why not include it in their “Welcome” packet? If they don’t know these leading hacker tactics, they WILL fall for them.

Phishing:

Phishing is the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. Often crafted to deliver a sense of urgency and importance, the message within these emails often appears to be from the government or a major corporation and can include logos and branding.
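The indicators named above (impersonation of a known organization, urgency, links that do not go where they claim) are exactly what a mail-triage script or a help-desk analyst checks for when an employee forwards a suspicious message. The following is an added example, not code from the original post, that scores a raw email for those indicators. The two sample messages, the trusted domains and the urgency phrases are constructed for the example; a real deployment would draw them from the organization’s own mail and brand list.

```python
"""Score a raw email for the common phishing indicators described in the post.

Added example (not part of the original post). The trusted domains, phrase
list and both sample messages are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical: brands/domains the organisation expects to see impersonated.
TRUSTED_DOMAINS = ("example-corp.com", "irs.gov")

# Phrases that manufacture the "sense of urgency" phishing relies on.
URGENCY_PHRASES = ("immediately", "within 24 hours", "account will be suspended",
                   "urgent", "final notice", "verify your account")

# Anchor tag with an href and visible text (enough for simple HTML bodies).
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# A bare hostname inside link text, e.g. "www.irs.gov" in "https://www.irs.gov/refund".
DOMAIN_RE = re.compile(r'\b([a-z0-9.-]+\.[a-z]{2,})\b', re.I)


def registrable(host):
    """Crude brand part of a hostname: its last two labels (www.irs.gov -> irs.gov)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def text_body(msg):
    """Return the first text part of the message as a string."""
    if not msg.is_multipart():
        return msg.get_payload()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            charset = part.get_content_charset() or "utf-8"
            return part.get_payload(decode=True).decode(charset, "replace")
    return ""


def indicators(raw):
    """Return the names of the phishing indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    found = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable(addr.split("@")[-1]) if "@" in addr else ""

    # 1. The display name claims a trusted brand the sending domain does not belong to.
    for domain in TRUSTED_DOMAINS:
        brand = domain.split(".")[0]
        if re.search(r"\b" + re.escape(brand) + r"\b", name.lower()) and sender_domain != domain:
            found.append("display-name-mismatch")
            break

    # 2. Replies are routed to a different domain than the one the mail came from.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and registrable(reply.split("@")[-1]) != sender_domain:
        found.append("reply-to-mismatch")

    body = text_body(msg)
    lowered = body.lower()

    # 3. Urgency language in the body.
    if any(phrase in lowered for phrase in URGENCY_PHRASES):
        found.append("urgency-language")

    # 4. The visible link text names one domain while the href points at another.
    for href, text in ANCHOR_RE.findall(body):
        href_host = registrable(urlparse(href).hostname or "")
        match = DOMAIN_RE.search(re.sub(r"<[^>]+>", "", text))
        if match and registrable(match.group(1)) != href_host:
            found.append("link-text-mismatch")
            break
    return found


def score(raw):
    """Number of indicators present; anything above zero deserves a second look."""
    return len(indicators(raw))


# Constructed sample: a refund lure impersonating a government agency.
PHISH = """From: "IRS Refund Department" <refunds@irs-gov-secure.com>
Reply-To: collect@mail-refund-center.net
To: employee@example-corp.com
Subject: Final notice: refund expires within 24 hours
Content-Type: text/html

<p>Your refund is waiting. Verify your account immediately at
<a href="http://irs-gov-secure.com/login">https://www.irs.gov/refund</a>.</p>
"""

# Constructed sample: an ordinary internal announcement.
LEGIT = """From: "Payroll Team" <payroll@example-corp.com>
To: employee@example-corp.com
Subject: Q3 benefits enrollment opens Monday
Content-Type: text/html

<p>Enrollment opens Monday. Details are on the intranet:
<a href="https://hr.example-corp.com/benefits">hr.example-corp.com/benefits</a>.</p>
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, score(raw), indicators(raw))
```

The checks are deliberately simple heuristics, so they are a triage aid for the person reading a forwarded message, not a replacement for mail-gateway filtering; the point for employees is that each indicator maps to something they can spot by eye, such as hovering over a link to compare the visible text with the real destination.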

Baiting:

Similar to phishing, baiting involves offering something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital, such as a music or movie download, and physical, such as a branded flash drive labeled “Executive Salary Summary Q3 2016” that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly into the victim’s computer.

Quid Pro Quo:

Similar to baiting, quid pro quo involves a request for private data, but in exchange for a service rather than a gift. For example, an employee might receive a phone call from the hacker posing as a technology expert who offers free IT assistance in exchange for login credentials.

Pretexting:

Pretexting is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn’t real).

Tailgating:

Tailgating is when an unauthorized person physically follows an employee into a restricted corporate area or system. The most common example of this is when a hacker calls out to an employee to hold a door open for them because they’ve “forgotten” their RFID card. Another example of tailgating is when a hacker asks an employee to “borrow” a private laptop for a few minutes, during which the criminal is able to quickly steal data or install malicious software.