31478 Industrial Road Suite 200, Livonia, Michigan 48150 sales@xfer.com

XFER Blog

XFER Blog

XFER has been serving the Livonia area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Social Engineering: Not All Hackers Target Technology

b2ap3_thumbnail_social_engineering_risky_400.jpgThe nature of hacking is to take advantage of weak points and exploit them for some kind of profit. This is usually seen in flaws or vulnerabilities found within the code of a program or operating system, but these flaws can be psychological, too. Hackers are increasingly taking advantage of a concept known as “social engineering” to fool users into handing over sensitive information that can be used against them.

Social engineering hacks are performed against unsuspecting individuals who might be privy to sensitive information within a corporation. These people often have less technical skills and might be more vulnerable to exploitation than others. These attacks often seek out information like passwords, usernames, dates of birth, and other sensitive credentials. The more skilled social engineering hacker can replicate sites to infect systems with malware, or even initiate infected downloads.

The most notorious social engineering method of hacking is called phishing, when emails are sent to a user under the guise of a seemingly harmless institution, like a bank. These messages usually ask the victim to confirm login credentials and other information in a manner that looks legitimate.

Spear phishing attacks are some of the most dangerous hacks out there. These types of phishing threats target specific users with personalized messages that are designed to coerce them into giving up personal or financial information. There have even been accounts reported of hackers posing as the media in order to get access to secure information.

According to HowToGeek.com, this method isn’t limited to being used remotely. Social engineering hackers can also get up close and personal with their attempts:

An attacker could walk into a business, inform the secretary that they’re a repair person, new employee, or fire inspector in an authoritative and convincing tone, and then roam the halls and potentially steal confidential data or plant bugs to perform corporate espionage. This trick depends on the attacker presenting themselves as someone they’re not. If a secretary, doorman, or whoever else is in charge doesn’t ask too many questions or look too closely, the trick will be successful.

How Can You Protect Yourself?
Ultimately, it comes down to educating yourself and your staff on how to identify a social engineering hack from the real deal. Here’s how you can minimize your chances of playing into the hands of a phishing scam.

  • Always be suspicious. Strange messages and phone calls are more than enough reason to be suspicious of the sender. If this is the case, it’s important that you don’t respond until you can confirm the identity of the sender. Contact the organization with the number or email address you have on record to ensure that you’re not being scammed. Some pointers to look for are misspelled words or strange links.
  • Avoid links in emails to websites that gather sensitive information. It’s possible that these links lead to fake sites that are designed to steal your credentials. If you suspect this is the case, try logging into the official site that you accessed outside of your email. You can spot subtle differences in the URL which give it away.
  • Make sure spam and phishing filters are enabled in your email and browser. Some browsers have built-in protection from known phishing sites which should always stay active. One particularly powerful solution is XFER’s Unified Threat Management (UTM) solution. This solution equips your business with everything it needs to keep outside threats from getting into your network, including spam filtering and web content blocking.

When it comes down to it, the only way to maximize your business’s security from phishing attacks is to make sure your team knows how to identify and handle them. For more information on how to keep yourself safe from all manners of threats, give XFER a call at 734-927-6666 / 800-GET-XFER.

Which VoIP Solution is Best for Your Business, In-...
Tip of the Week: 4 Ways to Cut Down On Your Mobile...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Tuesday, 05 November 2024

Captcha Image

Customer Login


Cybersecurity Risk Assessment

cybersecurity-audit

Our risk assessment will reveal hidden problems, security vulnerabilities, and other issues lurking on your network.

Request Yours Today!

Contact Us

Learn more about what XFER can do for your business.

XFER Communications, Inc.
31478 Industrial Road Suite 200
Livonia, Michigan 48150