Most small business owners have begun to integrate cybersecurity solutions into their organizations, and hackers are reacting accordingly. They’re less likely to rely on weaknesses in the technology itself and instead focus on exploiting human ignorance. It’s called social engineering, and it’s all about duping unwitting victims into surrendering private data, downloading malicious files, or taking some other dangerous action.
According to a recent report by Verizon, at least 43% of data breaches were carried out through social engineering. There are a handful of security policy strategies to protect your business from such scams, but the only truly reliable way to stem the tide of these attacks is to train your staff. Everyone on your team needs to be aware of the following scams and how they work:
#1. Linking scams
One of the simplest and most common forms of phishing is to disguise a malicious email or web address as communication from a well-meaning business. Indicators could be something as tiny as a barely noticeable misspelling in a web or email address.
International domain names may also present a threat, since they allow hackers to deceive people with addresses that look completely authentic but actually contain foreign letters. In 2017, for example, a hacker registered an adobe.com domain that used the Latin letter “b,” which looks identical to the English “b” but is totally different from a computer’s perspective. The fake website looked identical to the real adobe.com, but distributed Flash players packed with malware.
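The difference "from a computer's perspective" can be checked in code. The sketch below is an added example, not part of the original article: it shows the ASCII form a browser actually resolves for a lookalike domain and flags names that imitate a trusted one. It goes beyond the single case above by covering both accented letters and a few Cyrillic lookalikes. The `TRUSTED` allowlist, the `CONFUSABLES` table and the sample domains are constructed for illustration.

```python
import unicodedata

# Constructed allowlist of domains the business actually uses (assumption).
TRUSTED = {"adobe.com"}

# Tiny illustrative subset of cross-script lookalikes (assumption); a real
# check would use the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
}

def skeleton(domain):
    """Reduce a domain to the plain-ASCII string a reader is likely to perceive."""
    out = []
    for ch in unicodedata.normalize("NFKD", domain.lower()):
        if unicodedata.combining(ch):
            continue  # drop dots and accents attached to a base letter
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def inspect_domain(domain, trusted=TRUSTED):
    """Report how the domain is encoded and whether it imitates a trusted name."""
    odd = [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in domain if ord(ch) > 127]
    skel = skeleton(domain)
    return {
        # The "xn--" form is what DNS and certificates actually carry.
        "ascii_form": domain.encode("idna").decode("ascii"),
        "non_ascii": odd,
        # Only flag names that contain non-ASCII letters AND collapse to a trusted name.
        "imitates": skel if odd and skel in trusted else None,
    }

if __name__ == "__main__":
    # Constructed samples: the real name, two lookalikes, one harmless IDN.
    for name in ["adobe.com", "ado\u1e05e.com", "\u0430dobe.com", "b\u00fccher.example"]:
        info = inspect_domain(name)
        verdict = "LOOKALIKE of " + info["imitates"] if info["imitates"] else "ok"
        print(f"{info['ascii_form']:<24} {verdict:<24} {info['non_ascii']}")
```

Mail gateways and web proxies can apply the same idea by logging or blocking any link whose `imitates` field is set.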
#2. Vishing scams
A portmanteau of voice and phishing, vishing is a social engineering method carried out over the phone. Although vishing scams can also rely on landline telephones, the anonymity of the internet makes VoIP communications the medium of choice for these scammers.
One of the most common vishing campaigns involves scammers pretending to be a bank representative calling about a fraudulent purchase and asking you to confirm your credit card number over the phone. Fortunately, these scams are easy to avoid so long as you never give out sensitive data to someone who called you first.
#3. Email scams
Email remains one of the most popular delivery channels for phishing scams, a fact that can be demonstrated by a quick glance at almost any spam folder. These scams rely on duping victims by masquerading as official correspondence from a legitimate company.
Common signs of phishing emails include:
- Mismatched display and email address (e.g. Chase Bank – firstname.lastname@example.org)
- Spelling errors in the subject line or email body; or
- Any request asking you to send password or payment details by email.
As a general rule of thumb, you should be safe as long as you never provide any private information via email. No legitimate business will ever ask for such information in an email.
#4. Website scams
Many phishing scams are carried out using malicious or compromised websites that have been designed to capture sensitive information from people who think they are logging into a legitimate online account. Potential victims often end up on these sites via a linking scam, since Google works hard to ensure phishing websites never show up in search results.
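Malicious websites usually look like those of legitimate businesses but will relay the username and password you enter to a hacker. You can tell if a connection is secure by the appearance of “https” or a lock icon in the address bar. If a website is asking for financial information and doesn’t have either of these, leave immediately. Keep in mind that these indicators only show that the connection is encrypted, not that the site is genuine; phishing sites can use https too, so also check that the domain name in the address bar is the one you expect.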
#5. Targeted scams
By far the most dangerous and effective social engineering scams of all are those carried out by skilled and patient cybercriminals who choose their targets carefully before homing in on them. These are the so-called spear-phishing attacks, which target specific members of staff in an organization, especially high-ranking employees.
Targeted scams are often carried out after researching a potential victim extensively, since this allows criminals to make a personalized connection by masquerading as a friend or colleague. Sometimes, scams are carried out using compromised email addresses for added authenticity. Always be sure to verify the sender if there’s the slightest thing that seems out of the norm.
SinglePoint Global is a full-service strategic consulting firm helping businesses in Washington DC and Northern Virginia get more out of technology. Get in touch today if you’re looking for an IT partner you can trust.