More hackers and cyber criminals are using a technique known as social engineering to attempt to steal personal information, company data, and other forms of data from you and your employees.  Instead of relying on older methods of hacking, like brute forcing passwords or using sophisticated tools to break into an account, hackers can manipulate security protocols or customer service agents to try to gain access to email, personal accounts, bank information, and much more.

An example of how this might work could involve someone asking you or your employee to reset their password.  They might send you an email that looks like it’s from a reputable company stating that your password needs to be changed and then providing a link to reset it.  Clicking the link may take you to a website that looks legit, offering fields for you to enter your current password and a new one.  This is an example of a common social manipulation method called phishing, which affects thousands of businesses and average users every day.

In the above example, the link you clicked on may have taken you to a seemingly normal looking website, but, in reality, this website could have been created by a hacker with the intention to trick you into entering sensitive information, like your password, email account, or any other information that might be important to you.  Clicking the link in the aforementioned email could also lead to inadvertently downloading spyware or other malicious software that could compromise your computer’s security.

This is just one form of social engineering that could affect your business, employees, and even your customers.  Managed IT services companies, like Natural Networks, have trained staff and experts who can help you and your staff identify and prevent when social engineering attacks may take place.  Here are some examples of social engineering that you should be on the lookout for.

Other Variants of Social Engineering Attacks

Pretexting is a type of social engineering attack where the attacker may create a scenario that they use to manipulate you or a customer service person for a service or product you use.  For example, an attacker may contact your phone service provider and report that they are locked out of the account.  They might work with a customer service agent over the phone to trick them into resetting your account password and gain access to your account.  With a snap of your fingers, they could gain access to your mobile phone account and everything within without you even realizing it or having any involvement.

Phone service providers, gaming accounts, email accounts, and the like are all popular targets for this variation of attack.  It’s a good idea to enable two-factor authentication to defend against these types of attacks and to work with your phone service provider to setup a secure password or phrase that must be said before making any account changes.

Baiting is another form of social engineering that is similar to phishing.  Baiting involves enticing a victim with a prize or offer, like free music or cash.  Fraudsters will use some type of offer to trick users into giving away details or information in exchange for goods (bait).  This may even take form in other ways such as giving away thumb drives to people as a give-away.  Unbeknownst to you, plugging the thumb drive into your computer could potentially contain and infect your system with malicious software if someone has manipulated the drive in this manner.

Tailgating is another common form of social engineering many of us don’t consider.  Attackers in these situations may try to follow you into an area they are not physically authorized to be in.  Sometimes, they may even impersonate a delivery person, waiting outside your office in the hopes of following you or an employee in through the door.  These types of attacks can affect mid-sized companies where employees may not think twice about unfamiliar people walking about accessing computers in the office.  Using key cards and training employees to enter restricted areas on their own can help to prevent these scenarios.

Hackers, and fraudsters alike are always looking for new ways to access data or information.  As technology advances, there will always be those who will try to manipulate it to make a quick buck.  That’s why it’s important to always be on the lookout and take precautions when working with your office technology.  Natural Networks is a fully managed IT services provider, and we can help you and your employees identify and prevent attacks like these.  If you want to learn more about how Natural Networks can help you defend against viruses, social engineering, and other IT problems, give us a call today!