SystemsNet | Managed Services, Cyber Security, Data Backup, VoIP | Willow Grove, Pennsylvania | Berks, Bucks, Chester, Delaware, Lancaster, Montgomery and Philadelphia counties

Social engineering scams are so much more rampant these days than ever before. There will certainly be suspicious-looking items in your inbox when you check your emails, which are most likely phishing emails. Many people now know to avoid clicking these malicious emails, which is a good thing. But still, their vast amount makes you wonder, where do social engineering scams come from anyway? The very simple answer to that is social media.

How Social Media Is Used for Social Engineering scams

According to the latest count, there are more than 4.74 billion social media users today. For hackers, each of these users is a potential target. Hackers are using social media to entice unsuspecting users into their traps because there is such a large online population. Specifically, they create fake accounts that are used in either of the following four methods.

Manipulating Public Opinion

People can be very impressionable, especially regarding things they see on social media. Social engineers take advantage of this vulnerability to sway the public’s view on certain things, like politics. Political parties routinely create millions of fake accounts to spread information that could sway voters during elections. Online, posts from phony accounts can spread quickly and have a significant impact on voters for very little money. This is what you call Social Engineering scams.

False Advertising

It is very common to see posts on social media where you can supposedly win a prize if you like or share their page. Or how about those pages that are apparently on the verge of closing down and need to dispose of their inventory quickly, where you can get a chance to get one of their products by simply sharing their page. These are nothing but social engineering scams called false advertising.

After Steve Jobs’ death, a viral post claimed Apple was honoring him by giving away iPhones and iPads.. Millions of people from around the world clicked on the malicious link, thinking they were just entering a raffle. What happened instead was that their devices got infected with a nasty virus.

Minimally Invested Profiles or MIPs

Minimally invested profiles are created en masse and are usually bare profiles, usually with seductive profile photos that are meant to get people interested enough to add them as a contact, typically on Facebook. Once the connection has been established, the hacker will then use this fake MIP to send malware through messenger or post malicious links on your wall. That is when they start the social engineering scams.

Fully Invested Profiles or FIPs

The intended purpose of fully invested profiles is pretty much the same as that of the MIPs, which is to get people to click on certain links. But an FIP involves more effort as it is made to look authentic to the eyes of the target victim. It could imitate the account of real contact, and they might try to add you saying that they created a new account because they were hacked, or they forgot the password, and so on.

You can actually spot these fake profiles easily by practicing due diligence. Check out every account before accepting friend requests. If the account is relatively new and is suspiciously lacking in friends or content, then that is a red flag right there.

Protect Yourself From Social Engineering Scams

Social media may be part of our daily lives, but that doesn’t mean you can use it carelessly. Never be caught unaware when you are online, especially when you are using social media. This goes for both your personal and business accounts. If you use social media for business, it’s best to train all your employees in online attack prevention.

We have prepared a 10-question quiz that you can answer just to see how prepared you are to face social engineering scams or attacks. If you feel there is room for improvement, give us a call and we can step in anytime to boost your defence and increase your protection against online threats.

Terms like phishing and malware have become very common terms these days because of their widespread use online. Did you know that these activities are but a small part of a much bigger operation known as social engineering?

Definition of Social Engineering

The term might be new but the practice has been going on for centuries. It’s the infiltration of something secure, intending to acquire information or secure access through cunning means. With the use of modern technology, social engineering is now possible with the victims not even knowing. If you are caught unprepared, as a result, this could potentially lead to the downfall of your business.

External Threats in Social Engineering

Businesses these days rely heavily on technology across all operations and as a result, it makes our life easier. This gives social engineers vast opportunities to trick people into providing all sorts of information, such as the following.

Phishing

Phishing is by far the most prevalent form of social engineering attack. It is a very straightforward kind of trickery, and that simplicity is also the reason why it is so effective. Through an authentic-looking email, the hacker would take victims to websites that look real and ask them to log in, which many people would do without a second glance. Just like that, you would just as well be giving the hackers the keys to your network.

Spear Phishing

This kind of social engineering attack is a highly targeted version of phishing. It is directed at specific victims and involves a great deal of preparation, making use of contacts and references very familiar to the targeted victim, making the scam almost imperceptible.

Baiting

Just as the term suggests, this strategy is all about enticing the victim to fall for the bait. There are many approaches to this, like telling them they won something then asking to click on a link to claim the prize, or letting them know that their computer has been infected and again, getting them to click on a link that will supposedly fix the problem.

Internal Threats in Social Engineering

Once a hacker is in the system, there are countless ways that they can steal information or wreak havoc on your business. So getting their foot in the door is of the utmost priority for many of these devious social engineers.

Doing this physically is not as difficult as it might seem. One of the commonly used methods is tailgating or entering the premises on the pretense that they are an authorized entity. Many hackers also take advantage of what they can glean from public information, which is surprisingly a lot, especially if they have the patience to do a regular observation of the target area, or are willing to go dumpster diving.

How to Keep Your Business Safe from Social Engineering Threats

It’s quite scary to think that many use social engineering tactics today, but with awareness and the presence of mind, you can easily avoid becoming a victim. Simple practices like refraining from opening suspicious-looking emails and attachments would be very helpful. It is also advisable to implement multifactor authentication in all your systems and to keep your antivirus software updated.

In conclusion, as a business owner, it would be in your best interest to have all employees undergo training that will equip them with the tools and skills needed to circumvent any social engineering attack. You can find out just how much your staff knows about social engineering and other online threats by having them take this free cybersecurity quiz.

We can help bolster your company’s defenses against online threats of all kinds. From training your employees to updating your network, we can cover for you. Just let us know when you are ready and we will be happy to be of service!