February  19,  2019

Social engineering is a term that’s been around for a while and so have the methods used by hackers to manipulate employees into giving up sensitive information. As cybersecurity technology continues to improve, criminals are finding more human ways to hack into our systems. Criminals understand that companies are aggressively educating their employee to watch out for flash drives in the parking lot and emails with enticing links, so they adjust their approach and find innovative ways to trip you up. Next week’s scam will be different than this week’s, so the key to defending yourself is to understand their game.

Behaviors Hackers Capitalize On to Steal Your Data

You know me. Criminals depend on getting your trust quickly and the fastest way to get there is to convince you that you’re all part of the same team. They will go to great lengths to convince you that they are part of your ecosystem – a fellow employee, a trusted partner, or a valued customer. They will pretend to be someone that you will want to please and not disappoint. They will replicate your company’s email footer, steal your company’s hold music, take on identities from your IT employee directory, and even use your firm’s acronyms and terms.

You’re nice. They know that if they follow closely behind, you’ll hold the door open for them and that it’s hard to question a smile. They are masters at being sympathetic and helpful, the kind of person that you want around and would never double check. They will put you in situations to get the information they want and make you think they are helping you while they do it. “Someone put a ticket in about the network running slow in this building. Would you mind logging out and logging back in for me real quick? Maybe I can speed things up for you.”

You’re frustrated. Hackers love to commiserate. They count on common frustrations in every work environment – slow computers, ridiculous rules, clueless executives, etc. They use these frustrations to create common ground for conversations and justification for coming to your rescue. “Just another day in paradise. It’s inventory time again, do you mind letting me in the server room? I’ve got about 15 billion serial numbers to take down by the end of the day, or the suits in accounting are going to have my hide.”

So how do we combat these tactics? Should we stop being nice, or wanting to help our colleagues? Of course not, but we do need to have a degree of skepticism and be particularly aware of people we have never seen, even if they seem familiar and seem to know us. Also, we need to be aware of how these familiar people make us feel and what are they asking of you. Feeling obligated is a warning sign. Focus on your actions outside of the reasons why you are doing them. Are you giving up your password, or letting someone in a secure area? Forget the story or circumstances and focus on what they are actually asking you to do. Criminals are clever, but they count on you behaving a certain way in order to get what they want. Focus on your behaviors and you will be fine.