With the recent phishing scam using Google Docs, phishing is a word on everybody's lips. Educating yourself and your employees to understand all the different types of cyber threats is important and how to avoid them is crucial to keeping your company and personal information secure. In today's blog, we'll cover the 5 different types of social engineering scams.
This is the leading tactic used by today’s ransomware hackers, usually delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. The message within these emails often appears to be from the government or a major corporation; it can include corporate logos and/or other legitimate-looking branding and is often written in a way to deliver a sense of urgency and importance.
QUICK TIP: You should never click through the offered link or hit reply unless you are 100% certain that an email is legitimate.
Like phishing, baiting involves the offer of something enticing in exchange for private data. The “bait” comes in many forms: it could be digital, such as a music or movie download, or it might be physical, such as a jump drive left out on a desk for an end user. Once the bait is taken, malicious software is delivered directly into the victim’s computer.
QUICK TIP: Never insert any item into your computer that you "found" to see what is on the drive.
QUID PRO QUO
Quid pro quo is also a request for the exchange of private data but in this scheme, the enticement is a service. For example, an employee might receive a phone call from the hacker posed as a technology expert offering free IT assistance in exchange for login credentials.
QUICK TIP: Never give out your login credentials to anyone, especially to someone you don't know over the telephone.
When a hacker creates a false sense of trust between him/herself and an end user by impersonating a co-worker or an authority figure within the company to gain access to private data, this is known as pretexting. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data to comply with a corporate audit (that isn’t real).
QUICK TIP: Don’t give out your personal information on the phone, via email or snail mail unless you’ve initiated the contact or unless you’re sure it’s safe. Pretexters are especially interested in information such as your SSN, mother’s maiden name, pet or child’s name, bank, brokerage and credit card account numbers, and phone company.
Tailgating is the most face-to-face cyber threat: a scam artist physically enters your business through the front door. Often these hackers will try to befriend an employee or will ask a person with access authorization to hold the door open claiming they’ve forgotten their RFID card. In this way, they gain access into a restricted area and can steal valuable company secrets and /or wreak havoc on your IT infrastructure.
QUICK TIP: Never hold the door open to a secure building for someone you don't work with directly.