Contact us today!
(518) 203-2110

Evolve IT

Evolve IT has been serving the Saratoga Springs area since 1995, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

This Halloween, Hackers are Pretending to Be You

This Halloween, Hackers are Pretending to Be You

Halloween is a great time for people of all ages to let loose and embrace their spookier, darker side--even though they aren’t. For hackers, however, every day is like Halloween, but with ill intentions. Hackers will pretend to be someone they’re not in order to scam you out of sensitive data or personal information. By identifying their tricks, you can keep hackers from getting their treats.

The aforementioned tricks are typically characterized as social engineering tactics, where a hacker will trick users into thinking that they’re a trusted organization, or even someone within their own business. Unlike those who participate in Halloween dressed in silly costumes, it’s not so easy to distinguish a social engineering attack from normal everyday occurrences. This is what makes the trick so convincing. Therefore, it’s imperative that you know what to look for, and how to address it properly. Also, in the same way you check your kid’s trick-or-treat candy for anything that might be harmful, you need to view unsolicited digital communications with a degree of healthy skepticism.

The unfortunate fact is that social engineering attacks (including phishing scams) work, which is why they’re commonly used by hackers. Even the most vigilant user can fall victim to a social engineering scam, which prompts people to wonder what makes a social engineering attack so effective. Researchers from the University of Erlangen-Nuremberg in Germany decided to pursue this thought and performed research into what makes people want to click on suspicious links.

Zinaida Benenson presented the university’s findings at the most recent Black Hat convention in Las Vegas. It was discovered that the success of social engineering attacks was largely due to the hacker understanding the circumstances of the scam and personalizing the link to appeal to the victim at that specific time: “By a careful design and timing of the message, it should be possible to make virtually any person to click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message content and context."

In other words, proactive training and education aren’t enough. Even the best employee could click on a link that aligns with their personal interests. ZDNet uses the example of an employee who has recently attended an event and is then sent a link to an online photo album containing memories of the event. The user will want to click on the link to see what the photos are, regardless of who it’s from. Once he has done so, the hacker succeeds; he has appealed to the natural curiosity of the user, and thanks to the timing of the message, the user is almost guaranteed to click it.

Another common example is an employee who is experiencing persistent technical trouble with their workstation. They might receive an email from “tech support” claiming that the problem can be resolved by downloading remote access software. The frustrated employee will click on the link because it fits their current needs and situation and because users typically trust tech support.

Just like how it takes energy to build an impressive Halloween persona, these hackers require immense time and preparation in order to successfully pull off a social engineering scam. These types of personalized attacks make social engineering scams challenging to protect yourself against. Yet, not all hope is lost. Educating your employees on security best practices and implementing spam blocking solutions designed to eliminate spammy emails may be the best way to avoid a fright.

Have a safe and happy Halloween, from all of us at Evolve IT.

Comments

 
No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 21 December 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Blog Archive

Free Consultation

Sign up today for a
FREE Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for free!

Sign up!

Free Consultation
 

Tag Cloud

Tip of the Week Security Technology Internet Best Practices Cloud Hackers Privacy Email Productivity Business Malware Business Computing Software User Tips Efficiency Workplace Tips Google Hosted Solutions Microsoft Computer Upgrade IT Support Mobile Devices Innovation Smartphone Windows 10 Hardware Gmail Network Security Ransomware Microsoft Office Office Backup Apps Business Continuity Disaster Recovery Communication Operating System Hacking WiFi Facebook The Internet of Things Social Media Bandwidth Firewall Mobile Device Management Money Network Content Filtering Cybercrime Managed Service Provider Website Outlook Wireless Technology Android Employer-Employee Relationship Apple History Two-factor Authentication Small Business Best Practice Smartphones Phishing App Alert Mobile Computing Networking Big Data Data storage communications Safety Data Unified Threat Management Windows Experience Quick Tips Black Market Government YouTube Processors Staffing Automation Augmented Reality Office Tips Keyboard LiFi User BYOD Downtime Memory Search Hard Drives Passwords Streaming Media Help Desk Disaster Deep Learning Remote Computing Micrsooft Shortcut Visible Light Communication BDR DDoS Heating/Cooling Business Growth Word Data Management Recovery Vendor Management Robot Advertising Society Sports Google Wallet Business Management Spam Running Cable Monitors Information Technology Competition Windows 8 Internet of Things Presentation Hosted Solution Entrepreneur Windows XP IT Services Artificial Intelligence Documents Displays Domains Tech Support Compliance Hacker Drones Social End of Support Application Printer Browser Wireless Customer Service Virtual Desktop Unified Communications Securty Writing Document Management Encryption VoIP Law Enforcement Router SaaS Office 365 Proactive IT Cortana Analytics Network Congestion Saving Money Save Money intranet Retail Lithium-ion battery Music Cryptocurrency Social Networking Laptop Managed IT services Public Speaking IBM IP Address Google Docs Virtualization Education Cleaning Holiday Bluetooth
QR-Code