Social Engineering: How Scammers are Using Low Tech Tools to Gain High Tech Access
A business’s data is its most important asset. To protect it, companies hire IT services providers to put up firewalls, encrypt passwords, maintain anti-virus software, backup data, and more. It takes the most advanced hacker to break through these barriers outright. However, there are other ways to gain access to your data that bypass these obstacles. Some scammers use human psychology to dig their way in. The technology these people use is low tech, but the strategy is effective. Businesses should be aware of this type of security threat as well and do everything possible to guard against it.
What Exactly is Social Engineering?
Every individual is unique, but our brains generally work in very similar ways. We take notice when we see or hear our names; our pleasure receptors light up when we receive compliments or awards; we trust the people we’ve come to know. These patterns of human behavior are predictable. They are also precisely what low-tech scammers attempt to exploit via social engineering--the act of fraudulently gaining access to data or funds by playing on humans’ instinct to trust others.
Examples of Social Engineering
Many of us probably know better by now, but in the early days of the internet, just about everyone fell victim to an email phishing or malware scam at least once. These come in the form of an email supposedly from a familiar address or reputable source. The user would open the email to find a halfway convincing message alongside a clickable link. This link would either release a computer virus or direct someone to enter personal information. Anyone who opened these links unwittingly yet voluntarily opened the door to malicious sources. Today, in addition to phishing scams, low-tech scammers are finding new ways to gain access.
Modern Social Engineering: In-Person, Over the Phone, and Online
The most basic form of social engineering is to simply make one’s way inside a company building without clearance or ID. Scammers pull this off by wearing fake credentials or entering a door that was recently opened by a real employee. From here, they can eavesdrop, get a layout of the office, and potentially hack into computers directly.
In recent years, low-tech scammers have also been using phone calls to extract tons of information from unsuspecting victims. Third-party companies collect and sell phone numbers, which in turn allow scammers to generate a massive list of numbers and set up automated calls. The most prominent cell phone scam of late claims to be from the U.S. Internal Revenue Service (IRS), threatening to audit or prosecute individuals for tax fraud or neglect. The real IRS has had to come out and tell the public that they do not call people but send notices via the postal service. Still, plenty of people, fearing their livelihoods and records, gave up their bank information, social security numbers, and other important information to these scams.
While email phishing may have lost some of its power, scammers still use the internet to extract information. Social media has made it easier than ever for scammers to target individuals and find plenty of information about them, including phone numbers, email addresses, places of work, date of birth, and more. Many people willingly post this information for all to see, not thinking it will lead to any harm. But social engineers count on this naive attitude and use platforms like Facebook and LinkedIn as a jumping off point for digging up more information.
One example of how scammers use this information is what the FBI calls Business Email Compromise. In these attacks, scammers learn who an employee’s supervisor is, and then send that employee emails posing as their superior, requesting that they wire funds to a particular account. Unfortunately, many employees fall for the scam, costing their companies significant amounts of money
How to Guard Against Social Engineering
Individuals and businesses can take practical steps and utilize technology solutions to protect themselves from social engineers. Companies can re-evaluate their office security system, investing in modern closed-circuit cameras and automatically-locking or remote access doors monitored by IT support. People should also consider turning their social media profiles to private, or at least hide their personal information such as phone number, address, etc. Everyone should remain wary of email links, and always double check before opening mysterious attachments. Unknown numbers and repeat callers can be blocked and reported as well. Furthermore, businesses should also consider approval workflows around financial transactions that do not rely solely on electronic communication
Of course, businesses must also incorporate a powerful technology strategy to fend off high-tech hackers and scammers as well. Affinity Technology Partners offers state-of-the-art security methods that will keep your precious information away from bad actors and competitors. Whether you need onsite IT support, data backup, device monitoring, or risk analysis, our people will be there. For more information on our services, strategies, and solutions, call us today at (615)-372-0300.