Spring 2016 issue of Horizons

Cyber criminals will use any means available to get your information, or money or both if possible. They are performing technical attacks against every device connected to the internet, probing for vulnerabilities, bad configurations or poor security. But the cyber criminals are also using another kind of attack, one that takes advantage of our natural tendency to trust. Cyber security professionals refer to these attacks as social engineering attacks, but they are really the same confidence scams that are as old as human history. What Social Engineering Looks Like Most of us are familiar with the use of “phishing” emails. These are emails designed to get you to click on a link, launch an attachment, call a phone number or make contact with a con artist. “Spear phishing” is a form of attack targeting a specific person or position in an organization, leveraging social media and public information to gather details on the target—which make the emails even more believable to the victim. But, did you know social engineering can involve phone calls, fake websites, emails asking you to wire money, and even in-person visits to your workplace?

Other forms of social engineering include:

Tailgating: This is where someone will wait outside a company’s secured door and once an employee uses a security card or ID to get inside, the tailgater will follow them inside. That way, the thief can physically access your computers or paper files.

Shoulder Surfing: The thief will look over victims’ shoulders and watch as they enter their passwords or PINs.

Pretexting: Criminals will pretend to be someone with a legitimate need for the victims’ information. They could pose as a vendor, potential client or even the pizza delivery man. This can happen online, in person or over the phone. Business Email Compromise: This is a growing problem whereby fraudsters will either take control of a business person’s email account or create an account that closely resembles the real one: johndoe@xyzcompany.co instead of johndoe@xyzcompany.com. Then the attackers will email a customer or employee (an executive’s accountant, for example) and request a wire transfer. In some cases, they can use email access to change the passwords to victims’ bank accounts and completely hijack them. Baiting or Quid Pro Quo: The victims are offered something they cannot resist – for example, a free song download or help with an IT problem – in exchange for their personal information or access to their systems. One of the most popular methods of attack: free USB drives, which carry malware that allows the cyber criminal to access a victim’s system.

www.RubinBrown.com | page 19