Social Engineering

Who do you think may be the weakest link in the Cyber Security chain?… It could be you! By Ray Rannala, FutureNet Group, Inc.

Surprised, don’t be. At some point in everyone’s career we may all have been subject to a deception of some sort. In the Cyber Security world we refer to this personal deception as “Social Engineering”. Simply put, we are trusting and the crooks know it. One of the most common and insidious means of attack is referred to as Phishing. Odds are extremely high that you have received one or even many of these fraudulent emails (I have). Phishing can be as innocent as an email from a hacker posing as a friend suggesting that you click on a link to see something funny or interesting. Once you click, you have been hacked! These hacks represent as many as 77% of all social attacks according to the folks at The Social Engineer. By the way, this is how many ransomware attacks take place! Remember Wannacry?

Speaking of ransomware, be very wary of any warning that pops up on your screen while browsing a website saying that your computer has been infected by a virus and that you need to click on a link to take you to Microsoft or Apple for a resolution. If you do, you have been hacked. Even nastier, is a scam that brings up an official FBI looking window and logo that says child porn has been found on your computer and is being reported to the authorities. The message tells you to click on a button to avoid prosecution. The moment you do so, you guessed it, you have been compromised and your data is encrypted. They ask you to pay using PayPal or Bitcoin and even then there is no assurance that your data will be restored.

Another “social hack” can come at you via your phone which is called Vishing. In most cases a legitimate sounding robo-call asks you to call a toll free number to validate important “account information”. When you call, all seems legit and the minute you enter the requested info, you have been hacked! It is estimated that companies lose on average $43,000. per account. Ouch!

You may even get a call from someone claiming to be from Microsoft or “Windows” support telling you that they have noticed an anomaly on your computer and that they need to have access to your system to check it out and correct the problem. Once again, the moment you grant them access, you have joined the “been hacked club”!

Oh, and did you ever pick up a thumb drive laying around in your office lobby, airline seat pocket, on the ground outside your office or even on the train or bus you take to work. Guess what, DON’T PLUG IT INTO YOUR COMPUTER! It may contain malware that can take over your computer or possibly take down your company’s entire IT infrastructure and send valuable information to the hackers.

Also be mindful and aware when moving around your office. If you have a key card system make sure that you are not a victim of tailgating. This is where someone follows you into a secure area assuring you that they simply left their card at their desk, car or home. Once in, they may have access to your firm’s most sensitive systems. A good friend of mine recently retired from the FBI. During the weeks and months after 9/11 he was assigned the job of doing this at all major US airports. His goal was to make his way to the tarmac to uncover security vulnerabilities. He had a 100% success record.

The goal here is not to scare everyone, but to make all aware that cyber-attacks can come from all sides not simply brute force hacking directly into a company’s computer system. Don’t be the weak link in your household or office. All employees need to be fully cognizant of these forms of attack as they leave your company vulnerable.

FutureNet Group offers a broad range of solutions to protect businesses from a wide range of cyber-attacks including phishing and spoofing to name just a few. We can also provide your organization with education to create awareness for your colleagues. To contact us, call our main number 313.544.7111 or you can reach me directly at 727.410.8344 (raymondr@futurenetgroup.com) to discuss possible vulnerabilities and challenges your company may be facing and strategies we can employ to secure your business.

FutureNet Group has built a long term trusted relationships with organizations like the Department of Defense, many Federal agencies, and large corporate enterprises by providing a broad range of highly effective security solutions.