27Apr

5 Types of Social Engineering Scams

1. Phishing

Phishing scams are the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad, or website designed to impersonate a real system and organization. Crafted to convey a sense of urgency and importance, these messages often appear to be from the government or a major corporation and can include logos and branding.

2. Baiting

Baiting is similar to phishing and involves offering something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital, such as a music or movie download, and physical, such as a branded flash drive labeled “Executive Salary Summary Q3 2016” that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly into the victim’s computer.

3. Quid Pro Quo

Quid Pro Quo is similar to baiting, but the private data is requested in exchange for a service rather than a good. For example, an employee may receive a phone call from a hacker posing as a technology expert offering free IT assistance in exchange for login credentials.

4. Pretexting

Pretexting is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn’t real).

5. Tailgating

Tailgating is when an unauthorized person physically follows an employee into a restricted corporate area or system. The most common example of this is when a hacker calls out to an employee to hold a door open for them as they’ve forgotten their RFID card. Another example of tailgating is when a hacker asks an employee to “borrow” a private laptop for a few minutes, during which the criminal is able to quickly steal data or install malicious software.

The Takeaway

Employee awareness of social engineering is essential for ensuring corporate cybersecurity. If end users know the main characteristics of these attacks, it’s much more likely they can avoid falling for them. As many of us are visual learners, make sure to provide them with actual examples of these scams.


–Blog Provided Courtesy of Datto
