What does data theft look like, really? Is it a black-hoodie-clad villain tapping away at a laptop while ominous green code streams across their monitor? Not usually. In fact, a huge portion of cyber-security breaches occur through social engineering. So, often data theft looks like a customer or employee who is enticed to act in a way they shouldn’t.
Through social engineering—using interactions online or information available on LinkedIn or other social media platforms—scammers identify targets such as employees who may have access to a company’s network or financial systems. They send phishing emails that may look like they’re from a financial institution, vendor, customer, or other trusted sources. These emails will include a link or download that installs malware on the recipient’s computer.
Fraudsters may also use “vishing” or voice phishing, which is a scam phone call or voicemail to users of VoIP, or Voice over Internet Protocol, platforms. On VoIP, scammers can spoof the inbound number on caller ID to engage with an employee as a business contact and then direct the target to enter their login and passwords on a spoofed site. Text or SMS messages, also known as “smishing,” and social media interactions are other methods of gaining access to systems that are gaining traction.
Once scammers have access to a company’s network through phishing, vishing, or smishing, they can attempt to find financial accounts or credit card data for the company or its customers, install ransomware, or request or send illegitimate payments. Businesses wary of hackers take precautions with digital security. Some of those precautions may include using firewalls, insisting that customers and employees use strong passwords, or even making two-factor authentication or biometric indicators mandatory to access accounts and information. But while those measures help in defending against online attacks, they can be less effective against forms of social engineering, which rely on the judgment of customers and employees.
That’s a great example of a red flag for social engineering scams: They tend to include a sense of urgency and ask victims to do something outside of the norm.
With social engineering attacks increasing, staying ahead can be tough for middle market businesses, particularly those dealing in high tickets that require lending and an exchange of sensitive data.
Here are some tips to keep in mind to protect yourself and your business from social engineering scams:
- Pause and verify. Scammers create a sense of urgency to prey on emotions. Do not reply to the email or text; instead reach out and confirm the request with your boss through a trusted source.
- Be careful what information you share on LinkedIn and other social media sites. Fraudsters research and use this information to lure you in with a false sense of security.
- Limit who can access your information and use any privacy settings.
- Don’t act on requests via email or text, especially purchasing gift cards or making money transfers, without verifying directly with the source.
- When receiving email or text messages, don’t click on links or open attachments that are unexpected or from an unknown source—always validate first.