Strong ‘Human Firewall’ Helps Thwart Social Engineering Scams
Historians debate whether P.T. Barnum ever actually claimed that there’s a sucker born every minute. Regardless of the attribution, the message seems accurate enough – people continually get duped into making very bad decisions with costly consequences.
The technology age has enabled a whole new class of hucksters and swindlers. Preying on people’s trust, lack of awareness and curiosity, hackers use a variety of social engineering methods to steal money or data from their victims. In a recent survey by the Information Security Media Group, 60 percent of security leaders said their organizations were or may have been the victim of at least one targeted social engineering attack in the preceding year.
A strong “human firewall” is the best defense against these kinds of attacks. It’s important to educate your employees so that they’re able to spot social engineering scams.
Phishing attacks that use spoofed emails to fool recipients are fairly well known. Here are some other types of social engineering attacks you should be on guard against:
Voice phishing
Voice phishing, or vishing, refers to phone-based attacks. Scammers claiming to be with the IRS, your bank, a healthcare provider, a charitable organization or some other entity attempt to get you to provide credit card information or banking credentials. These calls typically use a spoofed phone number that masks the caller’s true number.
Business email compromise
These are wire-transfer schemes that target employees who manage money and regularly perform wire transfer payments. Scammers assume the identity of a company executive or a trusted vendor to request funds. By requesting electronic wire transfers instead of some sort of direct cash or credit card payment, the attack gains an air of legitimacy. According to the FBI, there has been a 1,300 percent increase in such attacks since 2015, with identified losses totaling more than $3 billion.
Search engine optimization (SEO) scams
In these attacks, a self-proclaimed SEO “expert” sends an unsolicited email that claims an analysis of your website shows that unspecified errors or problems are causing your site to underperform. They offer to fix the issues and improve your Google search ranking for a fee. Typically, you’ll end up being billed for work that was never done or for work that was essentially useless.
Fake web sites
It’s easier to create a counterfeit version of a web site than you might think. Copying a design is simple enough, and scammers often register domain names that mimic common misspellings of legitimate sites – for instance, there are hundreds of sketchy sites that use legit company names followed by “.om” for the domain name instead of “.com.” These sites often contain hidden malware.
Right-to-left override (RTLO)
RTLO is a control character within the Unicode encoding system that tells your computer to display the text that follows it from right to left, as is done for languages such as Arabic or Hebrew, instead of left to right as for English or French. An RTLO attack leverages this feature to disguise malicious executable (.exe) files: the override reverses the displayed order of the end of the filename, so the extension you see is not the extension the operating system uses. For instance, a filename such as “Invoice.exe.doc” would appear to be a Word document, but is actually “Invoice.doc.exe.”
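As an added example that is not part of the original article, the following Python helper shows how a defender can flag file names carrying Unicode bidirectional override characters and recover the real extension. The sample file name is constructed here, and the rendering function is only an approximation of how a file manager would draw it (real behaviour depends on the Unicode bidi algorithm and the application).

```python
import unicodedata

# Unicode bidirectional controls an attacker can embed in a file name.
# U+202E (RLO) is the one behind the "RTLO" trick; the others are
# related embedding/isolate controls that also deserve a closer look.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE

def bidi_controls_in(name: str) -> list:
    """Return the Unicode names of any bidi control characters in the file name."""
    return [unicodedata.name(ch) for ch in name if ch in BIDI_CONTROLS]

def displayed_name(name: str) -> str:
    """Approximate what a user sees: text after an RLO is drawn reversed."""
    if RLO not in name:
        return name
    head, tail = name.split(RLO, 1)
    tail = tail.replace("\u202c", "")  # PDF would end the override; approximation ignores it
    return head + tail[::-1]

def true_extension(name: str) -> str:
    """Extension the operating system actually acts on, ignoring invisible controls."""
    cleaned = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return cleaned.rsplit(".", 1)[-1].lower() if "." in cleaned else ""

def inspect_filename(name: str) -> dict:
    """Produce a small report a mail gateway or endpoint check could log."""
    return {
        "stored": name,
        "displayed": displayed_name(name),
        "true_extension": true_extension(name),
        "bidi_controls": bidi_controls_in(name),
        "suspicious": bool(bidi_controls_in(name)),
    }

# Constructed sample: stored on disk as "Invoice" + RLO + "cod.exe"; a file
# manager shows it as "Invoiceexe.doc", but it is an .exe file.
SAMPLE_MALICIOUS = "Invoice" + RLO + "cod.exe"
SAMPLE_BENIGN = "Invoice.docx"

if __name__ == "__main__":
    for sample in (SAMPLE_MALICIOUS, SAMPLE_BENIGN):
        print(inspect_filename(sample))
```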
Organizations often think of network security as strictly a technology issue. In truth, establishing a strong “human firewall” through internal security policies, training and education is just as important as investing in antivirus software, firewalls and virtual private networks.
ABOUT THE AUTHOR
Lisa Detwiler, President, joined SSD Technology Partners in 2006 as Chief Marketing Officer, and in 2014 she and her two partners Woodie Bowe and Nick Ewen purchased the company. Detwiler holds an MBA in Marketing and Strategy from Carnegie Mellon University. Lisa successfully led SSD through a difficult economy in 2012, recording the company’s greatest growth record in 31 years.
Lisa believes that our foundation for success does not come from fancy business buzzwords or the latest management fads. Success comes from behaviors and commitments to basic guidelines of how we operate as individuals and as a company; do what’s best for the client, practice blameless problem solving, seek to create win/win solutions, check the ego at the door, and communicate to be understood.
Lisa serves the community as a Board Chair of both the American Red Cross and the Delaware Better Business Bureau and has been a member of Wilmington Rotary Club for 10 years.