The Three Social Engineering Hacks your Company Should Prevent Now

by

Since 2020, Google has identified and delisted 2 million websites for launching phishing attacks—an army of nefarious websites that Cisco says have hit 86 percent of all global companies. But it’s the social engineering behind those attacks that’s the scary part, experts say.

“Phishing has come a long way from mysterious foreign princes asking for loans,” said Nicholas McCourt, Chief Information Security Officer at Integris, a national managed IT service provider. “Now they’re using AI and advanced tools to do their research beforehand. They can launch attacks so customized and convincing, your employees won’t see it coming.”

Specifically, Integris warns companies to prepare for these three types of new attacks:

#1: Fake But Realistic Requests

Hackers can research your company well enough to play the role of a new potential customer or an existing vendor in your system. They’ll ask you to download their RFP or enter their new banking information into your system so that they can pay your latest invoice. With a few clicks, your employees could download a worm into your system or open your bank account to thieves.

How to fix it:

Teach employees to research the person or company before fulfilling the request.

#2: Social Media Extortion

Most people know better than to put their contact information and emails on social media accounts set to “public.” But many of your employees may have emails and phone numbers available to Facebook or LinkedIn friends. That information is all a hacker needs to set up an account in your employee’s name on damaging websites, like child porn sites. Hackers can use that “proof” to extort employees into giving up their corporate passwords.

How to fix it:

Teach employees only to use in-app messaging on social media sites and never give out their personal or professional emails.

#3: AI-Assisted Spoofing

Are you happy with your CEO’s recent company video? So are hackers. They can sample your CEO’s voice using AI technology, then use that sample to call up your accounts receivable department. “Add this new vendor to the system, and transfer this money,” they may say, sounding precisely like your CEO. When employees realize it wasn’t your CEO making that call, the money will be gone without a trace.

How to fix it:

Ask for code words, account numbers, or other forms of two-factor verification. No exceptions.

For more information on how to prevent cybersecurity breaches, visit the Integris website at www.integrisit.com/blog.

Susan Gosselin is a Solutions Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as Technologyadvice.com, Datamation.com, The Lane Report and many others. Connect with her on LinkedIn.

Keep reading

Put Your Cybersecurity Policies to Work for You

Put Your Cybersecurity Policies to Work for You

It’s one of those truisms of life: if you get all your chores done, you get to go out and play. Cybersecurity policies are a lot like that. They are the structures you must have before your systems can run as they should. Look, I get it. Considering that most...

Strengthen Your Corporate Culture with Identity Theft Protection

Strengthen Your Corporate Culture with Identity Theft Protection

Offering identity theft protection to your team is a quick win to strengthen corporate culture. This HR benefit also cultivates empathy, peace of mind, and increased productivity. When you consider the following identity theft statistics, the time for HR to implement...

What It Means to Invest in Your People

What It Means to Invest in Your People

As the head of HR and Recruiting here at Integris, I spend a lot of time thinking about our ideal job candidate. We’re a fast-growing tech company focused on premium service, so we must hire people who are more than just technically proficient. We’re also looking for...