When we think of online scams, for most of us, several images come to mind: Nigerian Princes who need us to make a transfer so that we can become millionaires, websites offering gifts for being their millionth visitor, and so on.
However, things have become so much more sophisticated. Not just because the methods used to con people are more complex in terms of how they can be detected, but also because thieves have learnt a vital lesson: their largest source of wealth isn't isolated users, but the companies in which these users work. This is why the workplace has become their ideal target.
Types of social engineering attacks
These days, the trick doesn't necessarily lie in getting a virus onto someone else's computer. Instead, the aim is to get the users themselves to do the dirty work. This is what's known as social engineering, a method by which a criminal will use us to carry out an action which will severely compromise our company's IT security.
Broadly speaking, there are several types:
1.- Tech support. This has been one of the more frequent scams in recent years. Whether it's via an email, a suspicious website, or even a phone call, we'll receive a warning that something in our software or operating system has gone wrong, and that we need to get in touch with tech support ASAP. Time is the key element in this scam: if the criminal pulls it off well, they'll manage to convince you that the longer it takes you to apply the solution, the worse it'll be for your company. Once you contact them, there will be a vast array of possible cons: installing malicious software, providing credit card details, sharing confidential information about the company, to name but a few. If the employee complies, the scam will have begun.
This is a big deal. According to a study by Microsoft, tech support scams are the most frequent and most dangerous type of scam. In fact, in 2017, Microsoft received complaints from 153,000 users reporting this type of scam, 24% more than the previous year. What's more, these complaints came from 183 different countries, which paints a dangerous picture of a scam which is happening at a global level.
2.- Software update. This is similar to the tech support scam, but in this case it almost always comes from a website. We'll come across a banner telling us about a problem with our browser or operating system: a virus has been detected, you need to download the latest version of Flash, and so on. If we click on these banners, we'll end up installing malicious software on our computer.
3.- Identity theft. This one is especially common via email: we get an email which is supposedly from someone in the office (a boss, a workmate…) or someone high up in the company who we really shouldn't ignore. If we fall into their trap, we'll be tricked into installing software or giving out personal, financial or corporate information.
What to do to avoid this
The worst thing about these attacks is that they don't affect just the user: if these attacks are carried out in the workplace, the cybersecurity of the whole company will be in serious trouble. This is why it's a good idea to take measures to avoid possible vulnerabilities.
1.- Employee awareness. Many employees tend to think that any possible scams will target the very core of the company. However, it's precisely the lowest links in a company which are the weakest. Every company must make sure their employees are aware that they too are vulnerable.
2.- Some keys. If an employee gets an email that seems to be from the company's corporate email address, are they sure that it really is? If the company's name contains the letter "l", have they checked that it hasn't been swapped for a capital "i" to throw them off? If the warning is coming from a website, have they wondered why something like this would pop up in their browser? If they get a phone call, why would they get this call on their personal mobile? These kinds of tips won't keep us completely secure, but they can be useful.
3.- It's better to be suspicious. If in doubt, it's better to be suspicious of everything, rather than putting a company's cybersecurity at risk. If an employee has any kind of doubts, the best thing to do is to reach out to someone in charge to check the information before doing anything.
4.- Threat detection technology. With the human side of the problem solved, the technological problem also needs to be solved. To do so, companies need EDR (Endpoint Detection and Response) technologies, which will identify and predict possible threats, acting on them in the case of any danger. It's what Panda Adaptive Defense 360 does, which, when faced with any threat, blocks every kind of danger or malicious software before it can be installed as a consequence of this type of scam.
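The check in the "Some keys" tip (a lowercase "l" swapped for a capital "i" in the company's name) can also be run automatically on incoming mail. The following is an added example, not part of the original article: the corporate domain `global-corp.example`, the small confusables table and the function names are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Small, constructed subset of look-alike ASCII sequences (assumption: a real
# deployment would use a fuller table, e.g. Unicode's confusables data).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("i", "l"), ("1", "l"), ("|", "l"), ("0", "o"))


def skeleton(domain: str) -> str:
    """Collapse look-alike characters so visually similar domains compare equal.

    The input is lowercased first, so a capital "I" and a lowercase "l"
    both end up as "l".
    """
    s = domain.strip().rstrip(".").lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def classify_sender(from_header: str, corporate_domain: str) -> str:
    """Return 'internal', 'lookalike', 'idn' or 'external' for a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "external"
    domain = addr.rsplit("@", 1)[1].rstrip(".")
    corp = corporate_domain.lower()
    if domain.lower() == corp:
        return "internal"
    # Non-ASCII or punycode labels can hide homoglyphs from other scripts.
    if not domain.isascii() or any(p.lower().startswith("xn--") for p in domain.split(".")):
        return "idn"
    # Not our domain, yet it reads like ours once look-alikes are collapsed.
    if skeleton(domain) == skeleton(corp):
        return "lookalike"
    return "external"


# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    "The Boss <boss@global-corp.example>",
    "The Boss <boss@gIobal-corp.example>",   # capital "I" in place of "l"
    "IT Support <help@g1obal-c0rp.example>",
    "Newsletter <news@partner.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header, 'global-corp.example'):10} {header}")
```

Messages classified as `lookalike` or `idn` are the ones worth quarantining or tagging with a warning banner before they reach the employee.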