Ways Cyber Criminals Get Into Your Head... and Into Your Data

According to a 2018 Small Business Trends survey, 58% of all cybercrimes committed last year targeted small businesses, and most of these crimes came in the form of a “social engineering” attack. Social engineering is a mode of cybercrime that’s used to lure well-meaning individuals into breaking normal security procedures. These attacks appeal to their targets’ vanity, respect for authority or greed in order to exploit and steal from them. Even a simple willingness to help can be used to extract sensitive data. An attacker might pose as a coworker with an urgent problem that requires otherwise off-limits network resources, for example.

These attacks can be devastatingly effective, and extremely difficult to defend against.

The key to shielding your network from this threat is consistent, ongoing awareness throughout your organization. To nip one of these scams in the bud, every member of your team must remain alert to these five telltale tactics criminals use to get into your head, and steal your data:

1. Clickbait. A particularly popular approach is to capitalize on the innately human desire to crane one’s neck to see an accident on the side of the road. What if you came across a video link to view an ugly accident, or a three-headed baby? You just might be tempted to click, especially because many legitimate articles and other pieces of content use similarly eye-catching headlines to get people to look at their stuff. Cybercriminals get this, and they exploit it. So, beware of links to overly graphic terrorist attack images, natural disasters, and other tragedies.

2. Phishing. Phishing employs a fake e-mail, chat or website that appears legit. It may convey a message from a bank or other well-known entity asking to “verify” login information. Another ploy is a hacker conveying a well-disguised message claiming you are the “winner” of some prize, along with a request for banking information. Others even appear to be a plea from some charity following a natural disaster. And, unfortunately for the naive, these schemes can be insidiously effective.

3. Pretexting. Pretexting is another form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they can use to try and steal their victims’ personal information. These types of attacks commonly take the form of a scammer who pretends that they need certain bits of information from their target in order to confirm their identity.

More advanced attacks will also try to manipulate their targets into performing an action that enables them to exploit the structural weaknesses of an organization or company. A good example of this would be an attacker who impersonates an external IT services auditor and manipulates a company’s physical security staff into letting them into the building.

Unlike phishing emails, which use fear and urgency to their advantage, pretexting attacks rely on building a false sense of trust with the victim. This requires the attacker to build a credible story that leaves little room for doubt on the part of their target.

4. Watering hole attacks. One of the things cybercriminals do best is collect information about their targets. Browsing habits tell a lot about a person, which is why that ad for wreath hangers keeps popping up in your Facebook feed. Cybercriminals use this information to go after the sites most visited by their target group. Once they discover a particular website is popular with their targets, they infect the site itself with malware.

5. Tailgating. Another social engineering attack type is known as tailgating or “piggybacking.” These types of attacks involve someone who lacks the proper authentication following an employee into a restricted area.

In a common type of tailgating attack, a person impersonates a delivery driver and waits outside a building. When an employee gains security’s approval and opens the door, the attacker asks the employee to hold it, thereby gaining access through someone who is authorized to enter the company.

Tailgating does not work in all corporate settings, such as in larger companies where all persons entering a building are required to swipe a card. However, in mid-size enterprises, attackers can strike up conversations with employees and use this show of familiarity to successfully get past the front desk.

6. Ransomware. Ransomware is nasty business. It’s also social engineering at its finest/worst. Ransomware is a type of malware that holds your files or part of your system ransom. In order to return access, you have to pay cybercriminals. People who want their precious data back might pay up right away. But for those who need additional scare tactics, criminals have come up with law enforcement scams that make it appear as though the U.S. Department of Justice or FBI Cybercrime division are contacting you to claim that you’ve done something illegal.

7. Quid Pro Quo. Here a con artist may offer to swap some nifty little goody for information… It could be a t-shirt, or access to an online game or service in exchange for login credentials. Or it could be a researcher asking for your password as part of an experiment with a $100 reward for completion. If it seems fishy, or just a little too good to be true, proceed with extreme caution, or just exit out.

One of the most common types of quid pro quo attack involves fraudsters who impersonate IT service people and spam call as many of a company’s direct numbers as they can find. These attackers offer IT assistance to each and every one of their victims. The fraudsters will promise a quick fix in exchange for the employee disabling their AV program and installing malware on their computer that assumes the guise of software updates.

So what steps can you take to prevent these psychological attacks? Here are a few methods to start with:

  1. Equip yourself with antivirus, anti-malware, and anti-exploit security programs. These can fight off malware attacks from a technical standpoint.
  2. Anonymize your data by using the privacy features of your browser. It’s also a good idea to clear cookies every once in a while.
  3. Lock down privacy settings on social media accounts. Make sure you’re making information available only to those you wish to have it.
  4. Use the right software and hardware systems. If you just use your computer to surf the web, you probably don’t need a powerful processor or the Adobe suite. Consider this: the more applications and programs you install on your machine, the more sources of trouble you have built into your system.
  5. Have a company security policy in place and back it up with good awareness training. Give employees clear guidelines on the appropriate response to a particular situation, such as those 7 nasty demons described above.
  6. Take personal ownership of your IT security; remember your personal data might be as much at risk as company business. Treat company data with the same care you would give your own assets.
  7. Finally, and most importantly, use common sense. A healthy dose of skepticism goes a long way. Verify information. Contact the claimed source. Make sure you have professional IT support to protect your systems, provide training and guidance, and keep you up-to-date with the latest cyber security protection tools and tactics.
