
Hacking Through Deception: How Phishing & Social Engineering Scams Work

In a previous article, we discussed how hacking is rarely what the popular imagination pictures: highly trained hackers typing away at a console, or running lines and lines of professionally written code to exploit weaknesses in a program. While these kinds of exploits do happen, the most numerous attacks are the ones that exploit our inability to spot threats and our failure to practice good tech hygiene. We previously talked about how reusing old passwords on every site could lead to your systems being compromised, but there are far more vulnerabilities than that.

Phishing Scams

One common way that hackers gain access to your systems is by sending fraudulent emails designed to look legitimate. They do this either by spoofing your organization’s email address or by pretending the email comes from a large, trustworthy organization. For example, attackers have been known to compromise entire cities by using city email addresses to request access to personal information or to request passwords. They can then use this information to obtain server access and hold the server for ransom.

Some hackers even use fake emails designed to look like they’re from Comcast or similar companies in order to borrow that company’s authority. The goal is to get you to trust the email’s authenticity because the company being impersonated is trustworthy, and then to get you to download something or click on a link that delivers malware. Some emails can even load malware onto your computer simply by being opened, through the use of JavaScript. The solution? Don’t send personal data over email, and make sure you recognize the sender, or have confirmed that you requested the message, before clicking on any links. Never download anything from a link someone sent you if you don’t recognize the URL.
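As an added example (not code from the original post), here is a small Python checker that applies the advice above to a constructed message: it flags a sender domain that is not on an assumed allowlist, a display name that invokes a trusted brand the sender domain does not belong to, and links whose visible text names a different domain than their real target. The domains, the allowlist and the sample message are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: claims to be "Comcast" but the sender domain and the
# link target point elsewhere (all domains/addresses here are made up).
SAMPLE_EMAIL = """\
From: "Comcast Billing" <billing@comcast-secure-login.example>
To: staff@city.example
Subject: Action required: verify your account
Content-Type: text/html

<p>Your bill is overdue. <a href="http://198.51.100.7/verify">Log in at comcast.com</a></p>
"""

# Assumed allowlist of domains the reader actually recognises (hypothetical).
TRUSTED_DOMAINS = ("comcast.com", "city.example")

def check_email(raw):
    """Return a list of phishing indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    # 1. Sender domain is not one we recognise.
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append(f"unrecognised sender domain: {sender_domain}")
    # 2. Display name invokes a trusted brand, but the mail was not sent from it.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in display_name.lower() and sender_domain != trusted:
            findings.append(f"display name claims '{brand}' but sender is {sender_domain}")
    # 3. Links whose visible text names a domain different from the real target.
    body = msg.get_payload()
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        target = (urlparse(href).hostname or "").lower()
        if target not in TRUSTED_DOMAINS:
            findings.append(f"link target not recognised: {target}")
        for trusted in TRUSTED_DOMAINS:
            if trusted in text.lower() and target != trusted:
                findings.append(f"link text says {trusted} but points to {target}")
    return findings

if __name__ == "__main__":
    for finding in check_email(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

Run as-is it prints four warnings for the sample; a message from a recognised domain whose link text and target agree produces none.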

Social Engineering

Last but not least, there is social engineering, which comes in all shapes and sizes. It can be as simple as posing as a delivery person and checking the monitors for anything with “password” written on it. Or it can be something like using social media to build up a friendship in order to learn the answers to security questions. That would allow an attacker to reset an account’s password or to authorize a new computer on the account even if multi-factor authentication is set up.

Social engineering does not just use words and actions to gain information; it can also be used to physically plant hardware. Sometimes this is as simple as mailing someone an infected USB drive as a “promotion” or infecting all of the devices at a library. Other times, it involves a hacker physically gaining access to a location and inserting a USB drive that carries a virus, malware or keylogger. While some knowledge is needed to make or download such a payload, this sort of attack can be far easier than getting past a firewall remotely.

Protecting Yourself

Make sure your passwords are strong and are either stored in a password manager such as LastPass or at least well hidden at home. Do not use any hardware whose source you cannot verify. And last but not least, always be on the lookout for potential scams and hacking attempts whenever you’re using a device connected to the internet. A little bit of paranoia can be a good thing when it comes to tech hygiene.
