Social Engineering sounds like a buzzword, but it is one of the most pervasive and relevant threats facing people today. Most hackers have simple motivations. They want to steal credit card or banking information, or commit other acts of fraud to make money… and social engineering aligns well with these goals.
When you think about it, social engineering is the evolution of “old school” fraud techniques like fake IDs or check cashing scams, but now the strategy is to impersonate a digital persona.
If you have seen DP Solutions' other content, you will know that we talk about Phishing quite a bit. But for this tech tip, I’d like to dig a little deeper and talk about some trends in Social Engineering in order to broaden your horizons when it comes to the types of attacks you could face in the second half of 2020.
Trend #1 – SIM Swapping
In case you don’t know, a SIM card, or subscriber identification module, is essentially a small card that goes into your cell phone and verifies your device with your service provider. It’s the key component that ties your cell phone number to your specific device. A “SIM Swap” is a scam where a bad guy uses your personal information to trick a carrier into tying your phone number to their device. But why would they want to do this?
Multi-Factor Authentication is gaining popularity as a secure login method. And one of the most popular methods used to authenticate a user is a text message containing a temporary access code. If a cyber-criminal ties your phone number to their phone, they will now get all of those secure access texts, rendering Multi-Factor Authentication meaningless.
SIM Swapping is fraud against both the individual and the carrier, as customer support lines often receive legitimate calls regarding new or lost cell phones, requiring adjustments to the SIM card in place.
How can you protect yourself? Once again, it is important to keep tight control over Personally Identifiable Information, as you never know who might gain access to this data and abuse it. You should also be vigilant about the signs of potential hacks, like unusual logins to your sensitive accounts, so that if something happens you can respond to it quickly. If available, try utilizing authentication apps like Authy or Google Authenticator so text messages are not the second form of authentication. Another great idea, if available from your carrier, is to use a personalized PIN with your mobile carrier when making account changes, so if someone is attempting a SIM Swap they will be missing a key piece of information to complete their hack.
This is a tough one to deal with, but it’s important to arm yourself with this knowledge in order to protect yourself as best you can.
Trend #2 – Tailgating
You know what’s even easier than breaking through a lock? When someone just opens the door and lets you in. That’s precisely what Tailgating is. Certain individuals at every organization have elevated privileges. Sometimes that gives them the ability to access sensitive physical locations, digital data or applications that are not available to others, so this can be applied both digitally and in the real world. By just casually observing an environment, hackers can gain enough intel to significantly breach sensitive data.
There are many tactics organizations can use to combat tailgating. Think about who surrounds you on a day-to-day basis. When you allow someone to take control of your device for support purposes, what’s on display on your screen? When you walk the delivery person through your office, what sensitive information is lying around on desks? Just like you protect your personal information by limiting sharing of it, you should limit the exposure of your environment to people who belong there and are trustworthy.
The most important thing you can do to prevent tailgating is staff education. Explain the risks associated with tailgating and why staff should never open the door for someone they don't know. Require all visitors to wear badges so your employees can easily identify unauthorized visitors, and of course, make sure you have clearly communicated your visitor policies so staff know what suspicious activities to look out for and how to handle unwanted guests.
I understand that it’s difficult to keep things completely private. The main takeaway here is that everyone needs to be mindful of the consequences of their actions, and how they could be used against them.
Trend #3 – Vishing
Vishing is, to put it simply, voice phishing, specifically over the phone. Unfortunately, it is very easy to create a fake phone number and start calling people claiming to be someone with an important message when in reality you are committing some kind of scam.
In 2020, it probably won’t surprise you that many of these Vishing scams have a COVID twist. While legitimate contact tracing will use phone calls to inform people about potential exposure to the virus, scammers take advantage of this with a number of tricks related to the pandemic. Sometimes, they will talk about the “stimulus” or “unemployment programs” or “important news from the government”.
To avoid these kinds of scams, go to your state’s health department website, and you will see the exact protocols for how they will communicate contact tracing. The same thing goes for other legitimate government programs during this challenging time.
These are just a few of the Social Engineering trends we are seeing emerge as the year goes on. Have you been targeted in a unique Social Engineering scam? We’d like to hear more about it, because spreading the word and learning about what’s out there helps not just you and your team, but the broader community.
Thanks again for watching this Tech Tips video and until next time…stay vigilant my friends!