The Three Social Engineering Hacks your Company Should Prevent Now

by

Since 2020, Google has identified and delisted 2 million websites for launching phishing attacks—an army of nefarious websites that Cisco says have hit 86 percent of all global companies. But it’s the social engineering behind those attacks that’s the scary part, experts say.

“Phishing has come a long way from mysterious foreign princes asking for loans,” said Nicholas McCourt, Chief Information Security Officer at Integris, a national managed IT service provider. “Now they’re using AI and advanced tools to do their research beforehand. They can launch attacks so customized and convincing, your employees won’t see it coming.”

Specifically, Integris warns companies to prepare for these three types of new attacks:

#1: Fake But Realistic Requests

Hackers can research your company well enough to play the role of a new potential customer or an existing vendor in your system. They’ll ask you to download their RFP or enter their new banking information into your system so that they can pay your latest invoice. With a few clicks, your employees could download a worm into your system or open your bank account to thieves.

How to fix it:

Teach employees to research the person or company before fulfilling the request.

#2: Social Media Extortion

Most people know better than to put their contact information and emails on social media accounts set to “public.” But many of your employees may have emails and phone numbers available to Facebook or LinkedIn friends. That information is all a hacker needs to set up an account in your employee’s name on damaging websites, like child porn sites. Hackers can use that “proof” to extort employees into giving up their corporate passwords.

How to fix it:

Teach employees only to use in-app messaging on social media sites and never give out their personal or professional emails.

#3: AI-Assisted Spoofing

Are you happy with your CEO’s recent company video? So are hackers. They can sample your CEO’s voice using AI technology, then use that sample to call up your accounts receivable department. “Add this new vendor to the system, and transfer this money,” they may say, sounding precisely like your CEO. When employees realize it wasn’t your CEO making that call, the money will be gone without a trace.

How to fix it:

Ask for code words, account numbers, or other forms of two-factor verification. No exceptions.

For more information on how to prevent cybersecurity breaches, visit the Integris website at www.integrisit.com/blog.

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as Technologyadvice.com, Datamation.com, The Lane Report and many others. Connect with her on LinkedIn.

Keep reading

How to Identify and Defend Against Social Engineering Attacks

How to Identify and Defend Against Social Engineering Attacks

Social engineering attacks always happen, but they pick up during the holidays. These cyber assaults are one of the biggest threats to your business because they take advantage of your greatest asset: your employees. If you're trying to hack a business, you hack its...

Signs an Email is Phishing: 5 Signs of Phishing in Your Inbox

Signs an Email is Phishing: 5 Signs of Phishing in Your Inbox

For years we've read articles teaching us to identify the signs an email is phishing. We all know the signs, yet we still miss the blatant indicators and take the bait. According to Security Magazine, citing SlashNext, "The first six months of 2022 saw more than 255...

A Personal Twist on Zero Trust Security

A Personal Twist on Zero Trust Security

The massive Australian data breach in late September inspires me to share a personal twist on Zero Trust Security. What makes this incident colossal? BBC News Australia reports, "Australian telecommunications giant Optus revealed about 10 million customers - about 40%...