Picture a hacker, are you thinking of someone in a black hoodie scrolling through the Matrix? Typing multiple lines of code in order to get through a business’s firewall.
Because that is how hackers are portrayed in modern-day culture, however, that’s not true anymore. Most hackers focus on human mistakes this is called Social Engineering, so rather than attacking your technology, hackers attack your employers.
The success of these attacks depends on how good the hacker is, and that’s not in terms of coding but how well they can impersonate someone trustworthy.
Technology is always changing, and even though customers need to continue to invest in cyber protection, the best way to protect your business is to focus on your users.
What is Social Engineering?
Social engineering is a term for any attack where the hacker tricks you into sharing the sensitive data they require. Here are few examples:
A fake but convincing email. The sender (hacker) will try their best to get you to click on a link which sends you to a fake website, or they’ll ask you to reply with the confidential information they need.
This isn’t just on email, this can also be done via phone, social media or, more commonly, WhatsApp.
Therefore, it’s dangerous if your email address appears on the Dark Web; all the hacker needs to do is send an email out to thousands or even millions of people and then see who falls for it. Low risk but very high reward.
The hacker calls up your network provider pretending to be you; they make up a very good story about losing their phone and explain why you need to port your number to another sim card.
The customer support rep will confirm a few personal details about you, like your address, gender, and date of birth – all this information can be found on the Dark Web.
What’s the problem? Most people receive 2FA codes via SMS. The hacker will then use the sim in their possession linked to your codes and log into any online accounts.
Extremely simple, but the hacker will simply exhaust you into providing the information by bombarding you with 2FA notifications. You’ll eventually accept one of them with support/advice from a friendly call, usually pretending to be someone from your IT support company.
This then allows them access to your online accounts.
These are just a few examples that fall under social engineering that all lead to a data breach; the one thing they all have in common is it involves people prone to make mistakes and not something high-tech as everyone imagines.
What will help?
- Password Managers
- 2 Factor Authentication
- Dark Web Monitoring Tools like Candio’s SafeWeb
- Email Filtering
- Staff Training
Cyber Security shouldn’t be difficult, help keep your customers data safe by partnering with Candios product SafeWeb.
SafeWeb will highlight any data like usernames, passwords, email addresses and passwords that have been leaked onto the Dark Web and offer simple advice to resolve those breaches.
Get In touch with a member of the Candio team to find out more.