Social Engineering Awareness Crucial to Survive Today’s Cyber Threats

Hackers in the shadows

How may I help you?

You can consider the days when hackers lived only in the shadows long gone. If it wasn’t stressful enough to always be worrying about hackers coming after you from the darkest corners of the digital world to steal, destroy or hold your data hostage, now you have to worry about whether or not you are actually seeking them out in broad daylight. A recent rash of full-press social engineering scams making headlines lately should leave no doubt that it’s far from a baseless worry, and that there can be potentially hefty consequences. The truth is, when it comes to social engineering there is no magic software solution or hardware fix, it’s all about human awareness – which must first be taught before it can be applied.

Social engineering is all about trust

Whether the “con” used is a tried and true email-based phishing or spear phishing scam, or one of these latest pretending to be from well-known companies like Netflix, AOL or Comcast, among others, that incorporate real Google and Bing ads coupled with actual 800 or other toll free numbers, it’s all about making the “mark” feel like they are interacting with a legitimate entity or person they can trust. If that hook is set, everything else is easy, and the inevitable outcome leaves you as the next victim of data/identity theft, fraud, data destruction, or worse.

Hackers flex some business acumen – Need a target? Why not advertise?

Anyone with a business website knows that it takes a lot of effort to make it up to, and then maintain, first page status for search returns on major on search engines like Google and Bing. But if you want to spend some money, you can also dive into the world of Google or Bing ads that will propel you to the top of search return pages when certain keywords are searched – for a price. It’s a price hackers have decided is worth paying. Now, when you are having trouble with a service and need support, a simple search like “I need Netflix support” can bring up a false ad created by hackers with a toll free number and/or a link to a site that’s been crafted to look very much like the real thing to coax you into entering credentials. Once that’s done (now they already have your account credentials), a splash screen will typically appear that you have been cancelled or some other bogus claim that would prompt you to call for support. Then it’s up to a smooth talking charlatan to convince you that he/she would need to log into your system remotely to help. With full access to your system now to transfer malware for future attacks, or to access other accounts, or exfiltrate confidential data directly, it doesn’t take much imagination to understand the trouble that could lie ahead.

Don’t underestimate the scope of the problem

It’s not just a few isolated incidents here and there either. Google spokesman, Aaron Stein, said they removed 350 million bad ads last year – that translates to one bad ad being removed more than every tenth of a second, every single minute, of every hour, of every day of the year. If that many got caught, how many got through? Even if it’s just a tiny percentage compared to the ones which were blocked, it’s easy to see the numbers are not in your favor, and that social engineering awareness has never been more crucial.

Learning a lesson, without the damaging consequences

The key to stopping any kind of social engineering attack is to raise awareness enterprise wide. One of the best ways to do that is with regular penetration testing that also puts a strong focus on social engineering attempts. That’s what Global Digital Forensics (GDF) provides for clients, doing everything from setting up dummy websites and making phone calls, to creating and launching well-crafted spear phishing campaigns so that the weakest links in the security chain, the human links, can learn the hard lesson that only comes from actually being caught off guard. But instead of a hacker teaching a lesson that can have dire and far reaching consequences, GDF will use the results to help organizations raise awareness, and even help with training personnel on what to look for, like false domain names, redirect links and spoofed email headers, just to name a few.

Getting ahead of the problem is the most cost-effective approach to solving the problem, so get help today!

Global Digital Forensics is a recognized industry leader in the fields of cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.