What is social hacking?
"Social hacking describes the act of attempting to manipulate outcomes of social behavior through orchestrated actions. The general function of social hacking is to gain access to restricted information or to a physical space without proper permission." - Wikipedia
Ransomware is becoming a large issue for corporations and individuals, costing over $1 billion last year alone.
Ransomware is a type of malware that encrypts or locks down all files that your user account would have access to on your computer and potentially your network. Once it completes the process of locking you out of your files, it will typically display a message instructing you to send money to an account to gain access to your files again.
Power down your machine immediately. Leave the power off and contact IT support.
Some known malware groups have bragged that they made $24 million last year alone.
The Call for Help scam can be executed in one of two known ways.
The first method is the cold call from a call center claiming to be from Apple Computer, Microsoft, or Symantec. The person on the other end will claim that your system is infected and doing bad/illegal things and claim that they need to connect to your machine to clean it off. During this call, they will install other types of malware on your system and even try to get you to purchase a support contract and provide you with a webpage to put your credit card information in.
The second method that is used to execute this scam is just by visiting a compromised website. You will get a pop-up message that pretends to be from Windows and instructs you to call immediately to have the infection removed.
Do not call the support number. At this point, contact IT support.
Scammers can steal personal information and sell it to interested parties. Additionally, they can charge you money for their "support" services.
Phishing for information via email is very broad in scope. The definition of phishing is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers." Scammers can pretend to be offering something that you are not expecting, or trying to get you to click on a link in an email that takes you to a site that you are not familiar with.
Delete the email. If the source of the email is a legitimate business, they will attempt to contact you. If you have a suspicion that the email could be something that you are expecting but still feel uneasy about it, contact IT Support.
The goal with this type of email is to allow the attacker access to your computer or to some of your information.
This newer method of social engineering has been recently discovered. You will receive an email with a PDF file that takes you to a Google login page, stating that you need to log in to access the PDF. This may all seem legitimate, however, Google does not have a service that requires that you log in to view PDFs. The attacker takes your username and password and will use that information to gain access to your Google account and may even perform "forgot password" requests to sites that are linked to your Google email address.
Contact the original sender and request that they send the PDF differently.
Typically this method of social engineering is used to gain access to any account that may yield access to your financial information (banking, taxes, etc.).
Receiving a request to share or change your password is actually another phishing attempt. However, even people that work with our government have recently fallen for this particular scam. If you should receive an email with a request or recommendation to change an email or corporate password, do not follow links in the email to do so. Actually go to the website portal or contact support for assistance in changing your password.
Again, this method of social engineering is used to gain access to any account that may yield access to your financial information (banking, taxes, etc.).
No Comments Yet
Let us know what you think