Social Engineering – What you need to know

August 16, 2016

In cyber space, Social engineering is the art of manipulating people so they give up confidential information. Learn more about how hackers are using tactics to gain your personal information in this article, 7 Social Engineering Tactics that Hackers are Using to Trick Employees by Liz Riley of Arroyo Insurance Services.

  1. BOGUS INVOICE – A business that has a long-standing relationship with a supplier asked to wire funds to pay an invoice to an alternate fraudulent account via email. The email request appears very similar to one from a legitimate account and would need scrutiny to determine if it is fraudulent.
  2. BUSINESS EXECUTIVE FRAUD/EMAIL PHISHING – The email accounts of high-level business executives (CEO, CFO, etc.) may be mimicked or hacked. A request for a wire transfer or other sensitive information from the compromised email account is made to someone responsible for processing transfers. The demand is often made in an urgent or time-sensitive manner.
  3. INTERACTIVE VOICE RESPONSE/PHONE PHISHING – Using automation to replicate a legitimate-sounding message that appears to come from a bank or other financial institution and directs the recipient to respond to “verify” confidential information.
  4. DUMPSTER DIVING AND FORENSIC RECOVERY – Sensitive information is collected from discarded materials — such as old computer equipment, printers, paper files, etc.
  5. BAITING – Malware-infected removable media, such as USB drives, are left at a location where an employee may find them. When an employee attaches the USB to her computer, criminals can ex-filtrate valuable data.
  6. TAILGATING – Criminals gain unauthorized access to company premises by following closely behind an employee entering a facility or by presenting themselves as someone who has official business with the company.
  7. DIVERSION – Misdirecting a courier or transport company and arranging for a package/delivery to be taken to another location.

Awareness of these tactics shared by you and your employees can go a long way in prevention of such attacks occurring in your business. So be aware and share!

Contact The Armstrong Company Insurance Consultants for more information on Cyber Liability or any other line of business or personal insurance.

The Armstrong Company Insurance Consultants  (License #0440075)