Prevent Three Social Engineering Hacks Now


Since 2020, Google has identified and delisted 2 million websites for launching phishing attacks—an army of nefarious websites that Cisco says have hit 86 percent of all global companies. But it’s the social engineering behind those attacks that’s the scary part, experts say.

“Phishing has come a long way from mysterious foreign princes asking for loans,” said Nicholas McCourt, Chief Information Security Officer at Integris, a national managed IT service provider. “Now they’re using AI and advanced tools to do their research beforehand. They can launch attacks so customized and convincing, your employees won’t see it coming.”

Specifically, Integris warns companies to prepare for these three types of new attacks:

#1: Fake But Realistic Requests

Hackers can research your company well enough to play the role of a new potential customer or an existing vendor in your system. They’ll ask you to download their RFP or enter their new banking information into your system so that they can pay your latest invoice. With a few clicks, your employees could download a worm into your system or open your bank account to thieves.

How to fix it:

Teach employees to research the person or company before fulfilling the request.

#2: Social Media Extortion

Most people know better than to put their contact information and emails on social media accounts set to “public.” But many of your employees may have emails and phone numbers available to Facebook or LinkedIn friends. That information is all a hacker needs to set up an account in your employee’s name on damaging websites, like child porn sites. Hackers can use that “proof” to extort employees into giving up their corporate passwords.

How to fix it:

Teach employees only to use in-app messaging on social media sites and never give out their personal or professional emails.

#3: AI-Assisted Spoofing

Are you happy with your CEO’s recent company video? So are hackers. They can sample your CEO’s voice using AI technology, then use that sample to call up your accounts receivable department. “Add this new vendor to the system, and transfer this money,” they may say, sounding precisely like your CEO. When employees realize it wasn’t your CEO making that call, the money will be gone without a trace.

How to fix it:

Ask for code words, account numbers, or other forms of two-factor verification. No exceptions.

For more information on how to prevent cybersecurity breaches, visit the Integris website at

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as,, The Lane Report and many others. Connect with her on LinkedIn.

Keep reading

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

Social Engineering: Deception in the Digital Age

Social Engineering: Deception in the Digital Age

Introduction  In today's interconnected world, our lives are increasingly online. In today's interconnected world, our lives are increasingly spent online. We rely on the internet for everything from shopping and banking to socializing and working. But as we embrace...