Stop Helping Hackers!

Hackers commonly leverage social engineering to get a foothold in a company. In September, MGM Resorts' computer systems shut down for 10 days while recovering from an attack believed to be due to social engineering. Quite often, the easiest way to hack into a computer system is via humans.

In a social engineering attack, the attackers leverage information found online on sites such as Facebook, LinkedIn, or Instagram, including employment details or a current location revealed in posts or photos. In the MGM attack, the hacker reportedly used information on LinkedIn to call MGM's IT help desk and obtain credentials. Once able to log in, attackers can exfiltrate and/or encrypt sensitive data and demand payment. Whatever data that employee had access to is now lost, unless the company has off-site/detached backups the hackers cannot access from inside the network.

A hacker may leverage personal info to impersonate someone, for instance pets' names, friends, birthdays, vacation spots, etc. Videos provide voice samples that can be used for direct voice impersonation via new AI tools. Photos may include coworkers or computer screens. Most people have an active social media account of some type, and many are public, meaning anyone can view the content. Few truly vet their followers to make sure they are known friends.

Let's say someone posts about their new job. They may be looking to please their new employer. So when their "boss" sends an urgent email to ask for a favor, they may not stop to think about whether it's real or not. Or the hacker may contact the company treasurer or HR person to "correct" paycheck direct deposit information.

Protect Yourself

  • Don't reuse passwords
  • Set social media accounts to private
  • Be skeptical of unexpected emails
  • Be suspicious of unexpected attachments, even from people you know
  • Double check senders on emails, notably the reply-to address or sender address, usually viewable when starting a reply
  • Confirm requests
  • Security is more important than speed
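
The sender check from the list above can also be automated by a mail administrator. This is an added example, not part of the original article: a Python sketch that reads a raw message and flags a Reply-To domain that differs from the From domain, or a display name that shows a different address than the real one. The sample messages and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def sender_warnings(raw_message):
    """Return a list of warnings about the sender headers of one message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    warnings = []

    # A reply would go to a different domain than the apparent sender.
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        reply_dom = domain_of(reply_addr)
        if reply_dom and reply_dom != from_dom:
            warnings.append(f"reply-to domain {reply_dom} != from domain {from_dom}")

    # The display name shows an address that is not the real sender address.
    shown = re.search(r"@([A-Za-z0-9.-]+)", display)
    if shown and shown.group(1).lower() != from_dom:
        warnings.append(f"display name shows {shown.group(1).lower()}, real domain is {from_dom}")
    return warnings

# Constructed sample messages (reserved example domains, not real traffic).
CLEAN = """\
From: "Pat Boss" <pat.boss@example.com>
Subject: Lunch

See you at noon.
"""
REPLY_TO_MISMATCH = """\
From: "Pat Boss" <pat.boss@example.com>
Reply-To: pat.boss@example.net
Subject: Urgent favor

Are you at your desk?
"""
DISPLAY_NAME_MISMATCH = """\
From: "pat.boss@example.com" <helper@example.org>
Subject: Direct deposit update

Please update my account details.
"""

if __name__ == "__main__":
    for name in ("CLEAN", "REPLY_TO_MISMATCH", "DISPLAY_NAME_MISMATCH"):
        print(name, sender_warnings(globals()[name]))
```

A warning from this check is a reason to confirm the request through another channel, not proof of fraud; some legitimate mailing systems set a different Reply-To.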


October 2023
