Catharsis Managed IT Ltd blog
Would Your Users Fall For These Social Engineering Schemes?
Social engineering is one of the trickiest parts of protecting your organization. It might sound like something out of a science fiction flick, but it’s one of the most dangerous attacks that a hacker can use against your business. Social engineering attempts to manipulate the target into giving away sensitive credentials or personal information for the purpose of stealing identities and other malicious intentions.
Here are some of the most popular social engineering hacks that you’ll have to watch out for in the business world.
- Vishing: More people are aware of phishing attacks than ever before, so naturally hackers had to pick up the slack somehow. Vishing is the alternative option that they are now trying to use, which features a voicemail asking for personal information.
- HTTPS: SSL certificates can make sure that users are aware of whether or not a website is secure enough to protect your personal information. However, HTTPS doesn’t necessarily mean that a website is using security. Hackers can lure in victims by providing “free” SSL certificates to organizations, providing them with a false sense of security. You need to find proof that the website using SSL has an extended validation (EV-SSL), which is not offered for free at all. You’ll see a green bar in the URL bar when this type of encryption is available.
- Website Copycats: Some scammers have even gone so far as to make websites that look exactly like reputable sites that are designed to harvest credentials or infect computers with malware. One example of this is the Equifax data loss incident which occurred in June 2017. Equifax had set up a website to help clients who had their information stolen, which used the URL equifaxsecurity2017.com. However, hackers capitalized on this event and created a spoof website using the domain securityequifax2017.com. The result tricked Equifax themselves. Here are some tips to help you avoid these spoofed websites:
- Make sure the URL is correct
- Don’t give information to sites that aren’t using EV-SSL
- Look for seals of trust from reputable IT security websites
- Be on the lookout for spelling errors, typos, or broken English
- Every Word Password Theft: Hacking tools have certainly developed into more sophisticated threats, going so far as to utilize every single word in the dictionary to crack passwords. These password crackers can create hundreds of thousands of credentials in a matter of minutes, all using a dictionary attack against unwary users. Therefore, the best approach to creating strong passwords is to use numbers, letters, and symbols to make a mixture that nobody would expect.
Online threats can be a considerable problem for your organization, especially when they use each and every exploit against you. Thankfully, with some proactive measures that can keep your business safe, you’ll have a much easier time going about your online duties without exposing your data to threats. To learn more about how to protect your business, reach out to us at (416) 865-3376.