Social Engineering & IT Security: What Businesses Need To Know
Every day we’re presented with news of the “next big thing.” Disruptive technology developed by some of the most resourceful minds of our time has created tremendous value for companies. These revolutionary tools, which have completely changed the ways we work and play, are simply powerful.
The problem is that power isn’t always a good thing. In 1771, British-Irish statesman Edmund Burke said, “The greater the power, the more dangerous the abuse.” While his subject at the time had more to do with politics than technology, the statement holds the same truth today as it did then.
There are few places where power is abused more dangerously than in the cybercrime industry. According to “Net Losses: Estimating the Global Cost of Cybercrime,” a report published by McAfee, the cost to the global economy could be as high as $575 billion a year.
How should your business enlist in the global fight against cybercrime? As always, it is important to ensure you’re using the right combination of hardware and software to keep illicit software (malware) from being transmitted to your company’s network – but there is a new threat, and that threat is you.
The Threat of Social Engineering
Cybercrime has turned a corner to include a concept called “Social Engineering.”
This is where con artists gather information and use it to influence your actions, often causing you to do things you never intended to do.
Here are a few examples:
Emails from "Trusted" Sources
First is a series of emails which attempt to trick you into thinking that they are coming from sources that you trust, such as social networks, shipping providers, or financial institutions.
In reality, these messages take you to a compromised website, infect your network, trick you into providing information you wouldn’t want to share, or do many other things that you want no part of.
It’s just as easy to forge a return address on an email as it is on a piece of physical mail, and anyone can make a website that looks reliable.
Emails from Fake Vendors or Business Contacts
Another common scam comes from fake business contacts making equally invalid business inquiries, using personal touches to make them look legitimate.
Here is one that many business people have received: “Hi Courtney, I received a charge on my credit card from teamaccent.com for $455.31. Could you check out the attached screenshot and let me know what this is for?”
If the recipient clicks on the attachment, it attempts to infect their network with malicious software.
Be careful with any links or attachments from people you wouldn’t expect to send them.
Using Public Information to Influence Major Changes
The last one, which is the scariest, uses public information to influence major changes at companies. At a Fortune 50 company my friend works at, they have a tradition of closing down for two weeks at the end of the year.
Midway through last year’s break, a day after the CEO posted some photos from his ski trip to Austria (on Instagram), the CFO (listed on LinkedIn) got an email that looked like it came from the CEO. It requested that nearly $1 million be deposited into an account in Brazil to support the opening of a new office, which had been publicized in the news. This social engineer had used public information to create an elaborate, yet believable scheme. Luckily, this company had checks in place to ensure that transactions of that size would need to be authenticated.
Dishonest money transfer emails happen all the time in smaller organizations as well, so it’s not just the large companies that need to be on high alert.
This type of scam is used for smaller-scale attacks as well. The hacker will do a quick Google search to see what types of things you're into, then pose as a friend or family member sending you a link to something you'd be interested in. That link ends up leading to a virus, and it's much easier to fall for than if it weren't personalized for you.
Users need to be vigilant about reviewing emails and making sure they are legitimate before interacting with them. If you’re in doubt, or have questions, ask your internal or outsourced IT support team!
About Courtney Casey
In an industry dominated by men, Courtney Casey, Director of Marketing for Accent Computer Solutions, Inc., is making her mark on the world of information technology. Courtney has been immersed in the IT field most of her life and has been molded into the tech savvy expert she is today. She began working for Accent while earning her Bachelor's degree from California State University, Long Beach. Known in the Inland Empire as the "Tech Girl," Courtney is a regular columnist for the region's newspaper of record, The Press-Enterprise. Her columns address topical news trends, new technology products, and offer advice on how to embrace technology or avoid common IT pitfalls.