How to Avoid Falling Victim to 5 Common Social Hacking Methods

Posted by Nick Pierce

February 15, 2017 | 10:30 AM


What is social hacking?

"Social hacking describes the act of attempting to manipulate outcomes of social behavior through orchestrated actions. The general function of social hacking is to gain access to restricted information or to a physical space without proper permission." - Wikipedia

Ransomware Notification

Ransomware has become a major problem for corporations and individuals alike, costing victims over $1 billion last year alone.

What is it?

Ransomware is a type of malware that encrypts or locks every file your user account can reach, on your own computer and potentially on network shares. Once it has finished locking you out, it typically displays a message instructing you to send money to an account in order to regain access to your files.

If I receive this message, what can I do?

Disconnect the machine from the network immediately (unplug the cable or turn off Wi-Fi) so the malware cannot reach shared drives, then power it down, leave it off, and contact IT support. Do not pay the ransom and do not try to clean the machine yourself.

How can I avoid getting ransomware?

  • Avoid any websites that are not work related or appropriate.
  • Do not open emails, attachments, or links from senders you do not know or were not expecting to hear from.

Why would someone do this?

It pays: some known malware groups have bragged that they made $24 million last year alone.

Call for Help

The Call for Help scam is executed in one of two ways.

The first is a cold call from a call center claiming to be from Apple, Microsoft, or Symantec. The caller claims that your system is infected and doing bad or illegal things, and that they need to connect to your machine remotely to clean it. Once connected, they install further malware on your system and try to sell you a support contract, directing you to a web page that collects your credit card information.

The second is triggered simply by visiting a compromised website. A pop-up message that pretends to come from Windows says your machine is infected and instructs you to call a number immediately to have the infection removed.

If I receive this message or a phone call like this, what can I do?

Do not call the number and do not let anyone connect to your machine. Close the browser (end it from Task Manager if the pop-up will not let you close the window), then contact IT support.

How can I avoid getting a notification like this?

  • Do not install software that promises to fix drivers or speed up your system. Contact IT support if you are having issues.
  • Avoid any websites that are not work related or appropriate.

Why would someone do this?

Scammers steal personal and payment information and sell it to interested parties, and they charge you for their "support" services on top.

Email Phishing

Phishing for information via email is very broad in scope. Phishing is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers." Scammers may offer you something you were not expecting, or try to get you to click a link in the email that takes you to a site you are not familiar with.

How can I identify a phishing email?

  • Were you expecting an email from this sender?
  • Is the FROM address spelled correctly, and is it the domain you expect (for example techsupport@yourcompany.com, not a lookalike domain with an extra word or a swapped letter)?
  • Are there spelling mistakes elsewhere in the email?
  • If you hover over the links without clicking, does the destination shown match where the text says they go?
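One way to turn this checklist into a repeatable check, as an added example that is not part of the original post: the Python script below parses a raw email, compares the sender's domain to the company's expected domain (assumed here to be yourcompany.com, taken from the example address above), flags lookalike spellings, and reports links whose visible text points somewhere other than their real destination. The sample message it inspects is constructed for illustration.

```python
"""Triage checks for a suspicious email (added example, not from the original post).
The sample message is constructed; "yourcompany.com" is an assumed expected domain."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain legitimate internal mail should come from (assumption, see above).
EXPECTED_DOMAIN = "yourcompany.com"

# Constructed sample: a "change your password" lure imitating IT support. Note the
# sender domain spelled "yourcornpany" (rn for m) and a link whose text and href differ.
SAMPLE_EMAIL = b"""\
From: IT Support <techsupport@yourcornpany.com>
To: employee@yourcompany.com
Subject: Urgent: your password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your corporate password will expire in 24 hours. Click the link below to
keep your acount active.</p>
<p><a href="http://login-yourcompany.example.net/reset">https://portal.yourcompany.com/password</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def looks_like(domain, expected):
    """True if domain imitates expected: a confusable-letter swap (rn/m, vv/w,
    1/l, 0/o) or the company name buried inside an unrelated domain."""
    if domain == expected or domain.endswith("." + expected):
        return False
    folded = (domain.replace("rn", "m").replace("vv", "w")
              .replace("1", "l").replace("0", "o"))
    return folded == expected or expected.split(".")[0] in domain


def triage(raw_bytes, expected_domain=EXPECTED_DOMAIN):
    """Return a list of findings for one raw message; [] means nothing was flagged."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    # Is the FROM address the domain you expect, or a lookalike / outside domain?
    sender = msg["From"]
    addr = sender.addresses[0].addr_spec if sender and sender.addresses else ""
    sender_domain = addr.rpartition("@")[2].lower()
    if sender_domain != expected_domain and not sender_domain.endswith("." + expected_domain):
        kind = "lookalike" if looks_like(sender_domain, expected_domain) else "external"
        findings.append(f"from: {kind} sender domain {sender_domain!r}")

    # Do the links go where their visible text says they go?
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    collector = LinkCollector()
    collector.feed(content)
    for href, shown in collector.links:
        shown_host = host_of(shown) if shown.startswith(("http://", "https://")) else ""
        if shown_host and shown_host != host_of(href):
            findings.append(f"link: text shows {shown_host!r} but goes to {host_of(href)!r}")
        elif looks_like(host_of(href), expected_domain):
            findings.append(f"link: lookalike host {host_of(href)!r}")

    # Credential bait under time pressure is the common thread in the scams above.
    plain = re.sub(r"<[^>]+>", " ", content).lower()
    if re.search(r"password|log ?in|sign ?in", plain) and re.search(
            r"urgent|expire|24 hours|immediately", plain):
        findings.append("content: asks for a login or password change under time pressure")

    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print(finding)
```

Run it as-is to see the three findings for the sample; to inspect a real message, save it from your mail client as .eml and pass its bytes to triage(). The checks are deliberately simple and will miss things (a plain "Click here" link, for instance, is not compared with anything), so treat an empty result as "nothing obvious", not as proof the mail is safe.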

If I think that I have received a phishing email, what can I do?

Delete the email. If it really came from a legitimate business, they will try to contact you again. If you suspect the email might be something you were expecting but still feel uneasy about it, contact IT support before opening anything in it.

Why would someone do this?

The goal of this type of email is to give the attacker access to your computer or to some of your information, such as your credentials.

Log In to Google to View PDF Files

This newer method of social engineering was discovered only recently. You receive an email with a PDF attachment; opening it takes you to a page that looks like the Google login page and states that you must log in to view the PDF. It all looks legitimate, but Google has no service that requires you to log in to view a PDF. The attacker captures your username and password, uses them to get into your Google account, and may then run "forgot password" requests on other sites linked to your Google email address.

If I receive a PDF requiring that I log into Google, what can I do?

Do not enter your credentials. Contact the original sender through another channel (a phone call, or a new email to an address you already know) and ask them to send the PDF a different way. If you have already entered your password, change it and contact IT support.

Why would someone do this?

Typically this method of social engineering is used to gain access to any account that may yield access to your financial information (banking, taxes, etc.).

Email Requests for Password Changes

A request to share or change your password is another phishing attempt; no legitimate support team needs you to tell them your password. Even people who work with our government have recently fallen for this scam. If you receive an email asking or recommending that you change an email or corporate password, do not follow links in the email to do so. Instead, go to the portal yourself by typing its address, or contact support for help changing your password.

Why would someone do this?

Again, this method of social engineering is used to gain access to any account that may yield access to your financial information (banking, taxes, etc.).


Topics: Technology, security

About Nick Pierce

Nick Pierce is a Systems Administrator at Matco Tools, a manufacturer and distributor of quality professional automotive repair tools, diagnostic equipment, and toolboxes.
