Social Engineering & IT Security: What Businesses Need To Know
Every day we’re presented with news of the “next big thing.” Disruptive technology developed by some of the most innovative minds of our time has created tremendous value for companies. These revolutionary tools, which have completely changed the ways we work and play, are simply powerful.
The problem is, power isn’t always a good thing.
In 1771, British-Irish statesman Edmund Burke said, “The greater the power, the more dangerous the abuse.” While his subject at the time had more to do with politics than technology, the statement holds the same truth today as it did then.
There are few places where power is abused more dangerously than in the cyber crime industry. According to “The Economic Impact of Cybercrime: No Slowing Down,” a report published by McAfee in 2019, the cost to the global economy could be as high as $600 billion a year.
Compare that to the “2021 Report: Cyberwarfare In The C-Suite,” published by Cybercrime Magazine, which states that the cost to the global economy could be as high as $6 trillion in 2021. Those costs are estimated to reach $10.5 trillion by 2025.
As you can clearly see, the frequency of attacks and the cost to businesses are rapidly increasing.
How should your business enlist in the global fight against cyber crime? As always, it is vital to ensure you’re using the right combination of hardware and software to keep illicit software (malware) from being transmitted to your company’s network – but there is another threat, and that threat is you.
The Threat of Social Engineering
“Social Engineering” remains a prime cyber crime tactic because the bad guys know that it works. This is where con artists gather information and use it to influence your actions, oftentimes causing you to do things you didn’t intend to do.
Here are a few examples of social engineering:
Emails from “Trusted” Sources
First is a series of emails that attempt to trick you into thinking that they come from sources you trust, such as social networks, shipping providers, financial institutions, or even an executive at your company.
In reality, these messages take you to a compromised website, infect your network, trick you into providing information you wouldn’t want to share, or do any number of other things you want to avoid.
Keep in mind, it’s just as easy to forge a return address on an email as it is on a piece of physical mail, and anyone can make a website that looks reliable.
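A mail filter or an IT team reviewing a reported message can check the forged-sender point above directly from the headers. The following is an added example, not part of the original article; the function names, domains, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def review_headers(raw_message):
    """List the reasons the visible sender should not be taken at face value."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    # The visible From line is whatever the sender typed; Return-Path and
    # Reply-To show where bounces and replies would actually go.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results records the receiving server's SPF/DKIM/DMARC verdicts.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m is None:
            findings.append(f"{check}: no result recorded")
        elif m.group(1) != "pass":
            findings.append(f"{check}={m.group(1)}")
    return findings

# Constructed sample: mail that really came from the company's own domain.
LEGIT = """\
Return-Path: <ceo@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Pat Lee (CEO)" <ceo@example.com>
Subject: Q4 numbers

See attached.
"""

# Constructed sample: same visible From, but sent from elsewhere.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Pat Lee (CEO)" <ceo@example.com>
Reply-To: <pat.lee@example.org>
Subject: Urgent wire transfer

Please send today.
"""
```

Legitimate bulk mail often uses a different Return-Path domain, so treat these findings as reasons to verify the request through another channel rather than as proof of fraud. Only trust an Authentication-Results header that your own mail server added.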
Emails From Fake Vendors or Business Contacts
Another common scam comes from fake business contacts making equally invalid business inquiries, using personal touches to make them look legitimate.
Here is one that many business professionals have received: “Hi Courtney, I received a charge on my credit card from teamaccent.com for $455.31. Could you check out the attached screenshot and let me know what this is for?”
If the recipient clicks on the attachment, it attempts to infect their network with malicious software.
Be careful of any links or attachments, especially from people who don’t usually send them.
Using Public Information to Influence Major Changes
The last one, which is the scariest, is to use public information to influence major changes at companies. For example, at a Fortune 50 company my friend works at, they have a tradition of closing down for two weeks at the end of the year.
Midway through last year’s break, a day after the CEO posted some photos from his ski trip to Austria on Instagram, the CFO (listed on LinkedIn) got an email that looked like it came from the CEO. It requested that nearly $1 million be deposited into an account in Brazil to support the opening of a new office, which had been publicized in the news. This social engineer had used public information to create an elaborate yet believable scheme. Luckily, this company had checks in place to ensure that transactions of that size would need to be authenticated.
Dishonest money transfer emails happen all the time in smaller organizations as well, so it’s not just the large companies that need to be on high alert.
This type of scam is also used for smaller-scale attacks. The cyber criminal will do a quick Google search to see what types of things you’re into, then pose as a friend or family member sending you a link to something that interests you. That link ends up delivering a virus, and it is much easier to fall for than if it hadn’t been personalized for you.
Users need to be vigilant about reviewing emails and making sure they are legitimate before interacting with them. If you’re in doubt or have questions, ask your internal or outsourced IT support team!
Are You Sure You’re Secure?
If you’re not sure whether your organization is doing what it needs to do to keep cyber criminals from exploiting your data, systems, and employees, schedule a cyber security assessment to get an objective view and actionable recommendations. Call us at 800-481-4369 to get started.
About Courtney Casey
In an industry dominated by men, Courtney Casey, Director of Marketing for Accent Computer Solutions, Inc., is making her mark on the world of information technology. Courtney has been immersed in the IT field most of her life and has been molded into the tech savvy expert she is today. She began working for Accent while earning her Bachelor's degree from California State University, Long Beach. Known in the Inland Empire as the "Tech Girl," Courtney is a regular columnist for the region's newspaper of record, The Press-Enterprise. Her columns address topical news trends, new technology products, and offer advice on how to embrace technology or avoid common IT pitfalls.