Direct Technology Group Blog

Direct Technology Group provides professional IT Support and Network Services for Businesses around South Florida. Computer Services, Tech Support, IT Solutions and more!

Why Social Engineering Needs to Be on Your Radar

As prevalent as cybersecurity threats unfortunately are today, many users tend to overlook a major threat that they just aren’t focused on nearly as much: social engineering attacks. Social engineering is just another means for a cybercriminal to reach their desired ends, and so it needs to be protected against.

Let’s examine how social engineering is shaped, and why it can be such an effective method for hackers to use.

What is Social Engineering?

While the term is now most closely associated with cybercrime, the basic concept behind social engineering is using one’s perceived influence (whether that perception is accurate or not) to lead another person into making decisions that are to one’s own benefit.

Take a moment and think of some of the cyberattacks you’ve seen in film and television. With very few exceptions, they either are carried out through a direct attack where the cybercriminal types in some code and disables the target’s defenses, or the cybercriminal puts on a disguise to infiltrate the business itself. Of the two, the latter is closer to the social engineering approach, but it is not unheard of for an attack to utilize aspects of both (granted, films and television drastically oversimplify how this works).

For our purposes, social engineering is the term used to describe when someone uses the fundamentals of human psychology to gain unauthorized access to a business and its data. Rather than exploiting a vulnerability within a system’s technology, a social engineer will take advantage of the people working with the technology to gain access through relatively simple psychology.

This can be accomplished through a few different means, each classifiable under a different banner: user carelessness, perceived helpfulness, fear tactics, and working within a comfort zone. What follows is a review of these banners and some of the strategies that a social engineering cybercriminal will use as a part of each. We will also go over a few best practices that can help prevent a social engineer’s success.

User Carelessness

It is not uncommon for a scammer looking to leverage social engineering to rely on the oversights of a business’ end users in order to gain some information. Some of the things that may be thrown out without a second thought could very easily cause a security leak, so it doesn’t hurt to keep a shredder readily available in the office. If a scammer has managed to get into your building itself, they might not even have to bother dumpster diving, especially if your users have their passwords recorded on sticky notes and pasted to their monitors. This is precisely why you should never keep your passwords written down somewhere, regardless of how much you trust your coworkers or employees.

Perceived Helpfulness

People are social creatures, which is why it is (for the most part) our instinct to lend someone a hand if we see they need help. This impulse has contributed to cybercriminals taking advantage of their victims in order to advance their schemes. How often do you see someone holding a door for a perfect stranger if they are carrying something, or even if they are walking closely enough? Many times, this tendency has allowed cybercriminals to gain the access they need to execute their attack thanks to an unwitting employee. This can even happen after emergency evacuation drills, as the high volume of traffic allows a cybercriminal to pass through relatively unnoticed. Otherwise, scammers will frequently call up the organization, ask to be connected to IT, and (posing as a user whose name they found on LinkedIn or by searching through the trash) ask to have their credentials reset. While the natural inclination to be helpful can make it difficult, resist offering this kind of help unless you can confirm the person to be trustworthy.

Working Within the Comfort Zone

When we think about hackers, one of the most common features that our imaginations likely share is the “fact” that the cybercriminal is operating at a distance. Unfortunately, this isn’t always the case, as a key social engineering tactic is to conduct an attack right under someone’s nose. A clever cybercriminal might gain access to a large enough business by loitering around where employees take their smoke breaks, gaining access to the building by simply following the group back into the office. Alternatively, some of the more theatrical scammers may actually dress up as a maintenance worker or some other vendor to gain access, where they can then peek at your employees’ screens or steal data from trash cans.

Unfortunately, this technically would also include insider threats, where your employees intentionally cause data breaches and leaks.

Fear Tactics

Finally, fear has long been known to be a powerful motivator, so it really is no surprise that cybercriminals would resort to this means to coerce their targets into compliance. This tactic is what gives phishing such a nasty bite, along with many other guerilla forms of cyberattack. Striking fast, and threatening severe consequences if the target doesn’t do exactly what they are told, the cybercriminal can create a very convincing narrative that an end user unfamiliar with the warning signs of such attacks could easily fall for.

We Can Help Protect Your Business

From improved authentication methods to upped awareness to improved security solutions, Direct Technology Group can help you secure your business from unwanted intrusions. To find out more about what we offer, reach out to us at 954-739-4700.

Wednesday, 30 September 2020
