When reading about celebrities having their personal accounts hacked, you may run across the term “social engineering” as a method the cyber criminals used. It’s important that everyone who works in a small business understand the ways cyber criminals use methods that fall under this label, even those who don’t work full-time in front of a screen.

To be clearer, the term “social engineering” refers to a type of hacking that resembles a confidence game, or “conning.” Essentially, hackers are trying to get someone to provide them with a missing piece of information, one they need to put together an elaborate puzzle to be used in gaining access to an account. A well-known “beginner” type of social engineering is “phishing,” where a cyber criminal sends out mass emails that appear to be from a bank or another type of business with whom someone may have an account. The hacker hopes a victim will click through to a fake login page where they will provide their username and password.

But social engineering schemes can be far more complex and elaborate than the ham-fisted phishing approach. Here are a few more examples of social engineering, and ways you can recognize the con.

Quid pro quo

The familiar Latin phrase “quid pro quo” simply means “something for something.” In this con, an attacker calls random numbers at a company, claiming to be technical support calling back about some software, app, device, telephone line, etc. (We once had someone claiming they were from “Twitter” call us. We hung up as we doubt they have phones at Twitter.) The hacker will do this until they find someone with a legitimate problem, then “help” them solve it and, in the process, have them type a series of commands that give the attacker access to do as they please (launch malware, for example).

Tailgating

No, this isn’t when an attacker steals your freshly-ketchuped hotdog at a parking lot picnic before a college football game (though, that’s frustrating); this is when, appearing like an employee, an attacker walks into a secured area behind an employee with access. The employee, spotting this person, may assume the attacker is supposed to be there and hold the door for them. Even if the employee asks to see identification, the attacker may claim they forgot or lost it, or present a believable fake.

Cracking your email

One of the more recent scams has involved attackers hacking popular email accounts like Yahoo, Gmail and Hotmail. Posing as the user, they will steal credit card information, passwords and other valuable information, or take your chat histories and manipulate them (using Photoshop) to blackmail you or create distrust. With this access, they can also hack company websites and attempt to ruin reputations.

Bottom line

Instruct your employees never to reveal a password to an email or other sensitive account. If it is necessary to provide a password in a unique situation, seek advice from your technical staff or consultant.


(Feature image: Sofi via Flickr)
