Cybercriminals use social engineering every day to attempt to hack into people’s personal information. Chances are, you have seen all three of these attempts sometime during your lifetime. Social engineering is slightly different, though, because it preys on the human condition, attempting to gain trust and manipulate people. This way it’s even easier to have someone almost willingly give out personal information. In general, there are three major ways that cybercriminals use social engineering to steal your info.
The first is via email.
This is one of the most prominent ways that information is stolen. This side of social engineering has been around nearly as long as emails have, and it’s guaranteed that anyone with an email account has seen at least one of the many phishing scams that come from cybercriminals. Perhaps a Nigerian Prince would like to wire you a ton of money because his inheritance is wrapped up in the bank for some reason. All you need to do is pay a few fees to receive the money and you get to keep a portion of his millions. Totally legitimate, right? Or maybe the bank needs you to confirm your account number and social security number because of an “account breach”. Why not, right? The bank is a legitimate business, it must be real, even the email looks real. Better yet, wouldn’t you love to be a secret shopper? Receive a check for $1000, cash it, and perform a job. Innocent enough, right? Not after you wire initial costs and attempt to cash a bad check. These are just some of the ways social engineers prey on unsuspecting and trusting people. If sending money or willingly giving up information isn’t involved, then there is usually malware within the email. The links that can be clicked on will deploy malware to infect your computer files and obtain information about you. It’s amazing how prevalent these scams are. But if you’re educated on them, you won’t become a victim.
Next is posing as someone you know.
This can take several different forms; however, the most obvious is copycat Facebook profiles. This is another prominent scam that cybercriminals use to trick people into thinking they are receiving a friend request from someone they know. The profile will often contain a few photos from the original person’s profile so it looks a tad more real. As unsuspecting friends add this profile, it begins to look more legitimate because of similar friends and associates. This profile can ask for money or send links containing malware to infect your computer, or even corrupt your Facebook profile, gaining access to personal information. Another way cybercriminals can gain access to your information is by posing as someone within your company. They can send an email that looks like it’s from your boss when really it’s fake. Usually, something about the email address will be a bit off, if you’re paying attention. Letters are swapped around or a .net becomes a .com at the end of the email. As soon as you open it or click on a link, there goes malware infecting your computer. This scam is usually highly effective because it gets sent to everyone in the company, and people often take it as real from the boss.
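One way to automate the sender-address check described above (swapped letters, or a .net that became a .com), as an added example that is not part of the original article. The domain `examplecorp.net` and the sample From: headers are constructed placeholders.

```python
from email.utils import parseaddr

def osa_distance(a: str, b: str) -> int:
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("pl" <-> "lp") costs a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def check_sender(from_header: str, trusted_domains: set[str]) -> tuple[str, str]:
    """Return (verdict, reason) for the domain found in a From: header."""
    _, addr = parseaddr(from_header)  # ignores the display name ("Boss")
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unparseable", "no domain in address")
    if domain in trusted_domains:
        return ("trusted", domain)
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted_domains):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("lookalike", f"TLD swapped: .{good_tld} became .{tld}")
        if tld == good_tld and osa_distance(name, good_name) == 1:
            return ("lookalike", f"one edit away from {good}")
    return ("unknown", domain)

if __name__ == "__main__":
    trusted = {"examplecorp.net"}  # constructed company domain
    samples = [                    # constructed From: headers
        "Boss <boss@examplecorp.net>",
        "Boss <boss@examplecorp.com>",
        "Boss <boss@exampelcorp.net>",
        "Newsletter <news@unrelated.org>",
    ]
    for header in samples:
        print(header, "->", check_sender(header, trusted))
```

A "trusted" verdict only means the domain is spelled correctly; a From: header can itself be forged, so mail systems pair a check like this with SPF, DKIM and DMARC results.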
Finally, a newer way for cybercriminals to target people is through advertisements.
Considering ads are pretty much everywhere online now, creating ransomware ads is incredibly easy, and they are a bit difficult to spot among the hundreds people see every day. For this type of social engineering, cybercriminals literally deploy ad campaigns showcasing a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of the time these ads are for anti-virus software, or a pop-up will come on your computer saying your computer has been infected and to click the link to clean the virus. Tricky, tricky cybercriminals.
The key to these three general social engineering styles is to become educated on them and keep an eye out for anything that seems off. It certainly pays nowadays to be diligent during your time on the internet and pay attention to everything. If something seems strange or wrong, avoid it until you are certain it is safe. Try not to click on any links inside of emails unless you are sure and trust the sender. If you get a friend request from someone, look over their profile and ensure it’s real. Check out their friends, photos, and posts to ensure they aren’t fake. Then finally, don’t trust any anti-virus pop-ups or ads. Make sure that you make educated decisions while surfing the internet, and stay safe out there!
Most people are aware of the many scams that exist on the internet now. It’s tough to simply look at your emails without noticing several phishing emails still in your inbox, and those are the obvious ones, not including the stealthy “We need you to update your account info, just click the link below” emails. It can even go deeper, with hackers physically talking with you or conning you into giving them information you shouldn’t. But the largest influx of social engineering has come from social media. As of right now, worldwide social media users total 2.34 billion according to Statista. That is a lot of people to target and you know they will target as many as possible.
Facebook has seen a lot of scrutiny lately revolving around Russian meddling in the 2016 election. Not only did they find literally millions of fake Facebook accounts, but they also found that there were FB ads created to sway American voters. This is a perfect example of the new age of social engineering. All of this comes from profiles that look legitimate on the outside, but once you do a little digging you can quickly tell the difference. The same goes for the advertisements: they look as though they are from a real company or person, and the ad does say “sponsored” like regular FB ad content. But when you click on it, you can either infect your computer with malware or unknowingly give away your login info.
Another example of social engineering via Facebook ads was back in 2011 after Steve Jobs passed away. A fake FB ad claimed that Apple was giving away iPads in honor of his passing. Well, that ad went viral and thousands of people clicked on the link, which in turn infected their computers and devices.
Social engineering has gotten more complicated with minimally invested profiles (MIPs) and fully invested profiles (FIPs), found mostly on Facebook and LinkedIn. MIPs are created in bulk, usually have very little original content on them, and usually have a sexy or provocative photo as the main profile picture. Then they usually go around making friend requests in hopes that certain users won’t look into the profile and will simply add them. The reason for this is to be able to eventually send you malware via FB messenger as well as post on someone’s FB “wall”.
The FIPs that get created take a little more time and effort, however, they are more efficient because they really look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at their friends and content on their wall. If both of these raise even one red flag, it’s likely it’s a fake FIP profile. These are intended to target a specific person or vertical in an industry. This can usually be seen once you look into mutual friends or even do a reverse image search.
These are just a few of the main ways that social engineers are using social media to target people. While snooping on your co-workers, checking to see what crazy Uncle Larry just posted, or simply browsing through memes, always be diligent and aware of your internet surroundings. If that’s tough, make sure your firewall and antivirus are up to par! Don’t let a social engineer manipulate you into surrendering your information.
Social media platforms are a scary new front for most businesses. There are so many differing opinions about social media in the workplace. However, besides the main players like Facebook and Instagram, there are many social-related platforms that can evolve your business and increase communication and productivity amongst employees and clients.
Social platforms and related software are part of the natural progression and evolution of business. They are currently being used in most businesses for collaboration, feedback, and research, to name a few. It’s understandable to be hesitant, but could this improve your current processes? The answer is yes.
Currently, social media platforms offer business utilization. This alone can cut out a lot of the daily customer service calls your office manager may be receiving each day. It won’t take the place of techs if work is needed, but many simple questions or inquiries can be answered. By doing that, you can also boost the number of leads your sales team are receiving too. Now your office manager can get off the phone and answer questions through the platform while they are working on other items. This can also help marketing ventures by visually showing you a slew of analytics that can assist in knowing what people want from you, or like to see.
Communication between employees can also be enhanced and done more efficiently with social platforms. Microsoft Office offers a platform called Teams. Instead of walking all the way to someone’s office or trying to multitask while needing answers without a phone call, you can type in a name and send a message to anyone in the company. It cuts time in half, and you get a quick, on-the-spot response or support. Techs don’t even have to leave their desk. Contact them via Teams and they can begin to fix an issue remotely. This isn’t your only option, simply an example. There are several platforms that service so many areas of SMBs.
Employee to employee communication isn’t the only thing that benefits from social tools. Client communication does as well. Many of these platforms offer things like instant messages, video conferencing, screen shares and team sites. Think about the amount of time that is saved for both the employee and the client. Your tech can be in the office working remote instead of spending an entire day at a client’s office. You can share documents, walk a client through a simple fix with a quick screen share. This is a huge win for employee productivity and efficiency, not only that but client expectations will be exceeded in a timely manner.
Finally, social media, social tools, and social platforms are all shown to increase morale within a business. They are allowing employees to streamline their jobs without the stress and hassle of attempting to collaborate with different people via email or an office visit. It also shows them that you trust them to use these things on work time and not abuse the privilege. Taking a small break to check Facebook or network with a client makes a surprising difference in the workplace. Do some research and find out what would work best for your business. It never hurts to give it a try. For all you know, the results may surprise you.
Everywhere you turn today you will find social media. People taking selfies at the grocery store, responding to Instagram while walking down the street, and of course checking Facebook status while clocked in at work. What do you do when social media use gets out of hand in the workplace? It can seem like a never-ending battle with employees, but it doesn’t have to be that way.
Before you go any further, draft up a social media use policy. This will save you headaches and possible litigation. Employees can agree to it and follow it or they can find work elsewhere. Sounds harsh, I know, but your business’s reputation is not worth Mary’s selfie. Don’t get me wrong, the policy doesn’t have to be rigid and forceful. Your employees are adults and can handle responsibility. Similar to a job description, policies allow for clarification and accountability. Great for both employer and employee.
To create a social media use policy, start by splitting the policy between company official accounts and personal accounts. Then take a look at rules and regulations. With this part, you want to clearly overview your brand as well as how you want it perceived. It is important that employees are on the same page for this. That way the message is consistent across all platforms, no matter who posts or comments. Talk about confidentiality and what company info can or cannot be shared. It can be similar to the non-disclosure you had your employees sign when they got hired. Then, of course, outline the potential consequences of not following these guidelines. Ensure these are clear and concise because a loophole can be quickly manipulated. Then you can go on to the same steps but for personal use.
Once you have that jotted down, you can move to the next part, roles and responsibilities. It is in this section that you have to figure out who will have access to the company’s social media or to any in general. Think about it, it might not be best to block it altogether. You can harness the power of social media for your benefit, though, if you play it smart. Your marketing team will need it, well, to market. Sales can keep in touch with prospects or members easily and it gives all parties confirmation that you care. Beyond that, you may want to give your receptionist or office manager access in order to help with customer service on different platforms.
While working on this, keep a few things in mind. Don’t discourage use, and ensure the language of the document sounds positive. Employees will get upset with a big change to what they’re used to. A list of don’ts is only frustrating and discouraging. Also, be transparent on why you have a policy. Let them know that productivity has been affected. Not only that, be clear with them about the potential security risks you are trying to avoid. Train the employees using company social media how to see security risks and what to look for. Then finally, explain how a policy keeps everyone honest and accountable. As long as you are transparent about the new policy, implementing it shouldn’t be a huge issue. If you have employees assist you in drafting this document, that’s even better. They are part of the change and not being steamrolled by it.
Have you ever received a Facebook friend request from your mom even though she is already a friend of yours on Facebook? So, you call her up to make sure she didn’t forget her password again and just create a new FB page. Then right after that, “she” sends you a video link saying you’re in a YouTube video. You think, “Well dang I didn’t think she even knew how to use messenger”. As the confusion mounts, you realize, momma’s FB has been cloned in an effort to hack your account. Not today hackers!
In this day and age of social media, there are two very specific ways hackers compromise your data. Cloning is the first. This is when someone makes a social media account by using someone else’s identity. You’ve all seen them, mom is already your friend on FB but now you’re receiving another friend request from her. The new page has one photo, no posts and a handful of mutual friends that fell for the fake profile. This within itself is not hacking. It’s incredibly easy to copy a photo and create a basic FB page with basic information. The idea behind cloning is to get you to think this is your friend or loved one so they can hack your information. Social engineering can come into play, asking mutual friends for money – saying you’ve been arrested. Another way is by having the clone account send malware to friends.
This exact situation happens more often than not, but what does it have to do with your business? Mom may not work with you, but take her lesson as a valuable warning. When there is Facebook account funny business, a multitude of things could occur, compromising your business, clients and other important data you may have stored. Imagine receiving a message on your company Facebook messenger from a friend saying “you’re in a YouTube video”. The link is readily available, you have the urge to click on it, it could be bad PR, right? So, you click it and instantly, the malware takes over your computer. Passwords and logins are automatically stolen from you and in the hands of hackers. Not good. This could compromise payment methods or pertinent company information. This hacked info could turn into full-blown social engineering if you don’t pay attention. The worst part is that almost everyone on your friend list will get bombarded by a similar message, creating a domino effect. It’s terrible to infect your loyal followers and you’ll see a lot unfollow you because of the inconvenience.
Facebook is not the only platform to worry about; in fact, Instagram, Twitter, and Snapchat have all fallen victim to hacks. One huge reason for this is that people don’t know better when it comes to security information. Social media is so easy to use that people often forget that information can be compromised. Careless clicking is another culprit. Aren’t you curious what your favorite coffee says about your personality? It’s quizzes and fun time wasters like this that allow hackers to access information. So simply clicking on these silly things opens your account to malware and in some cases ransomware. Users have reported being locked out of their accounts, accounts being deleted and some even being held for ransom until users paid the hacker. If you are using these platforms for business, you must be extra leery about what you are clicking on. It’s a terrible day when the content on your social media disappears over an avoidable breach.
These things don’t have to happen to you as long as you are smart about your social media. Make sure whoever is running it is well trained in cybersecurity. Also, ensure your passwords are strong and not easy to hack. Then go check on mom and give her a fast and efficient cybersecurity breakdown. This subject seems obvious, but the amount of people that get hacked each year as well as the amount of stolen data continues to grow. Hackers are also constantly looking for new ways to take information. Be vigilant and up to date on current trends. Protect your business from these sly social media mongers.