Security. When it comes to emails, apps, or googling our latest question; most of us don’t think a whole lot about it. Until our account or credit card gets compromised…
Proving that while security might not be the most glamorous topic to read about, it’s really important to stay informed. That brings us to today’s blog! Ever heard of remote social engineering?
If not, you’re not alone! We hadn’t either – until we ran across this article from Stickley on Security this week. What is remote social engineering, and why should you even care about it? Tech guru and CEO Jim Stickley explains below.
Social engineering is a method of using human interaction to convince people to break their normal security processes. It can utilize the newest technology, but that isn’t necessary in order to reach a goal. It’s been around since the beginning of time in its physical social engineering and even phone scam form. It’s a con-game for cyber thieves. Today, while physical social engineering is still very much alive and well, remote social engineering is gaining steam due to the availability of information that can be found on the Internet.
Roughly 50% of a social engineer’s time is spent doing research on potential victims. They get a significant portion of this information online. LinkedIn, for example is a wealth of information, as people post their professional history and current professional status there. A social engineer will collect data found from various sites, personal and professional, find weaknesses and use those against their targets.
One tactic that is on the rise is business email compromise or BEC. This scam costs businesses of all sizes over $3.1 Billion per year, according to the FBI’s Internet Crime Complaint Center (IC3). Since January of 2015, this type of crime has increased by 1,300%. Yes, that is the correct figure. It has been reported from within all 50 states and from within 100 countries.
This uses remote social engineering, typically using phishing email, to convince those in an organization to wire large sums of money to the cyber criminals’ bank accounts and/or becoming more common, convincing someone in the company to send human resources information such as W2s. W2 fraud has caught out Seagate and Snapchat recently. This type of scam resulted in tax fraud in 2016 to the tune of $21 billion.
Limit the information you post about your company or its business on the Internet. Even if you do use the security tools available on your social media sites, you should consider all information on the Internet available to the general public.
Remember not to get caught up in how you think a cyber thief should look or sound. People who perform remote social engineering are not restricted to the stereotypical hacker sitting in a dark room at a computer. Now nation-state actors, those wanting to gain trade secrets, and even those just wanting a big payday engage in social engineering tactics and strategies. The motivation is varied for whomever is performing the activity. The most obvious is for financial gain.
Most of the time, the signs that a con is occurring are so subtle that the targets don’t know what is happening. Exploiting the human desire to be helpful by gaining trust on a personal level is how the game is played. Always be aware of who is asking for information and when it’s sensitive and some type of cost is associated. If there is any suspicion at all, just say “No.”
How DuGood Can Help
Want to learn more about protecting your personal information? We want you to FEEL GOOD, knowing that your money is safe and secure. Visit our Security Centerto browse through more helpful blogs like this one. Or, check out our ID Theft Protection Plans. For just a few bucks a month, you can protect all your financial accounts – not just those at DuGood!
Blog provided by Stickley on Security
