By Jeff McCulloch
Yeo & Yeo Computer Consulting President
Cybercriminals are always trying to take advantage of organizations and employees who are not staying alert and up to date with the latest types of attacks. Refresh yourself about the types of attacks to watch for and the red flags that may help you spot them.
Social Engineering
Social engineering is the art of manipulating, influencing, or deceiving you into taking some action that isn’t in your own best interest or the best interest of your organization.
The goal of social engineers is to obtain your trust, then exploit that relationship to coax you into either divulging sensitive information about yourself or your organization or giving them access to your network.
Digital Attacks—Phishing
Phishing is the most common digital attack. You receive an email that appears to come from a legitimate source, telling you there is a problem that requires you to click a link or take some other action that serves the attacker's interest, not yours.
Digital Attacks—Spear Phishing
Spear phishing is a small, targeted email attack on a particular person or organization. The criminals first research the specific target using social media and other open sources of information, then tailor the message to what they learned so it looks expected and legitimate.
In-Person Attacks—Tailgating
A hacker scouts a location such as the outside smoking area at your organization and then joins your group as a fellow smoker, taking part in the conversation. When the group returns to work, he follows you in just like any other employee and then looks for an unattended, unlocked workstation he can use.
A hacker may follow an employee to the building’s locked entrance and walk in behind the employee or ask to be let in, saying that he forgot his key or access card.
USB Attacks
Attackers leave a USB stick labeled "Payroll" where it can easily be found, such as in your office parking lot, or send one by mail disguised as coming from a customer or vendor. The bait works if a curious employee plugs it into a company computer.
Phone Attacks
Phone-based social engineering is also called voice phishing, or "vishing." Like phishing, vishing is an attempt to con you into surrendering confidential information, except that the hacker calls you instead of emailing you.
Phone Attacks—Smishing
"Smishing" stands for "SMS phishing," phishing that arrives by text message. For example, the attacker sends a text asking you to call a number or click on a link.
Red Flags
Please keep an eye out for these red flags to help prevent security breaches:
- Someone unknown hanging around the building, even in a uniform.
- Others looking over your shoulder. Always lock your workstation when you leave it unattended.
- E-mails with strange "From" or "Reply-To" addresses, or whose "From" display name does not match the actual address. Also look at the "To" line and see whether the e-mail was sent to many people.
- E-mails that arrive at strange times of day, or with strange or shocking subject lines.
- E-mails that ask you to click a link or open an attachment, especially when the content is meant to unsettle you, such as a warning about a security breach.
- Hyperlinks that contain strange or spoofed addresses. Hover over the link and compare the URL it actually points to with the text you see.
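The e-mail items in the checklist above can be turned into automated checks on a raw message. What follows is an added example written for this article, not code from the original page or from Yeo & Yeo; the thresholds, the alarm-word list, the trusted domain example.com, and both sample messages are assumptions constructed for illustration. It flags a Reply-To domain that differs from the From domain, an address hidden inside the display name, a long recipient list, an off-hours send time, an alarming subject line, link text that shows a different host than the link target, and a trusted name buried inside a foreign host.

```python
"""Heuristic red-flag scanner for a raw RFC 5322 message.

Added example for the checklist above; not code from the original article.
Thresholds, alarm words, the trusted organization domain and the sample
messages are assumptions chosen for illustration, and it runs offline.
"""
import email
from email.utils import getaddresses, parseaddr, parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real message: the display name carries a
# legitimate-looking address, Reply-To points elsewhere, five recipients,
# a 3 a.m. send time, and link text that shows one URL while the href
# goes to a look-alike host.
SAMPLE_EMAIL = """\
From: "IT Security <it-security@example.com>" <alerts@examp1e-mail.net>
Reply-To: helpdesk@mailbox-recovery.org
To: alice@example.com, bob@example.com, carol@example.com, dave@example.com, erin@example.com
Subject: URGENT: Security breach detected - verify your account now
Date: Tue, 14 Mar 2023 03:12:44 +0000
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account was compromised. Click
<a href="http://example.com.login-verify.net/reset">https://example.com/reset</a>
to secure it, or open the attached invoice.</p>
</body></html>
"""

# Constructed benign message for comparison.
CLEAN_EMAIL = """\
From: "Alice Smith" <alice@example.com>
To: bob@example.com
Subject: Lunch on Thursday?
Date: Tue, 14 Mar 2023 14:05:10 +0000
Content-Type: text/html; charset="utf-8"

<html><body><p>See the menu at <a href="https://example.com/cafe">our cafe page</a>.</p></body></html>
"""

# Assumed list of pressure words that show up in shocking subject lines.
ALARM_WORDS = ("urgent", "breach", "verify", "suspended", "password", "immediately")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in a body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(addr):
    """Domain part of an e-mail address, lower-cased ('' if there is none)."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def hostname(url):
    """Host of a URL; anchor text often omits the scheme, so supply one."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def scan(raw, org_domain="example.com", recipient_threshold=5, quiet_hours=range(0, 6)):
    """Return the sorted list of red flags raised by a raw message string."""
    msg = email.message_from_string(raw)
    flags = set()

    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        flags.add("reply_to_domain_mismatch")

    # An address written into the display name that differs from the real sender.
    _, embedded = parseaddr(from_name)
    if "@" in embedded and domain_of(embedded) != domain_of(from_addr):
        flags.add("display_name_spoof")

    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) >= recipient_threshold:
        flags.add("mass_recipients")

    # Hour is taken in the offset the Date header itself states (assumed quiet window 00-05).
    if msg.get("Date") and parsedate_to_datetime(msg["Date"]).hour in quiet_hours:
        flags.add("odd_send_time")

    subject = msg.get("Subject", "").lower()
    if any(word in subject for word in ALARM_WORDS):
        flags.add("alarming_subject")

    if msg.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(msg.get_payload())
        for href, text in collector.links:
            host = hostname(href)
            # The visible text names one host, the link actually goes to another.
            if "." in text and hostname(text) != host:
                flags.add("link_text_mismatch")
            # Trusted name embedded in a foreign host, e.g. example.com.login-verify.net.
            if org_domain in host and host != org_domain and not host.endswith("." + org_domain):
                flags.add("lookalike_host")

    return sorted(flags)


if __name__ == "__main__":
    for flag in scan(SAMPLE_EMAIL):
        print("red flag:", flag)
    print("clean message flags:", scan(CLEAN_EMAIL))
```

The checks are deliberately cheap heuristics of the kind a mail gateway or a user-facing add-in would run; a single flag is not proof of phishing (a newsletter legitimately has many recipients), but several together on one message match the pattern the checklist describes.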
The one thing all of these attacks have in common is that they require a user to take action. Be alert and cautious to avoid these attacks.
Jeff has more than 20 years of experience in business development, product management and business operations within high technology companies. His areas of expertise include business consulting for manufacturing, financial services, professional corporations and small businesses.