We covered passwords, the ways in which your online accounts are vulnerable, social engineering and related methods of attack, and so much more.
Here, in Part 3 of this series, we dig a bit deeper into Social Engineering Attacks and what you can do to stay safe in the digital world.
First, let’s talk about one CRITICAL item re Phishing. To get caught up re “phishing” – what it is and how to spot it – see our earlier post in this series.
Otherwise, read on.
Guard Your “Yes” – It is a Gold Mine
This is so important! In the event of a call, NEVER, NEVER, NEVER say “YES” to any question unless you know precisely who’s calling you.
If someone calls and asks if you are Hank Jones and you are Hank Jones, do NOT say, “yes.” Instead ask, “Why?” or “Who’s calling?”
Here is why this is SO critical: when you say “yes,” it can be recorded and sold! It can then be USED as an affirmative answer in YOUR OWN VOICE to bypass security hurdles when a criminal works to claim your identity. Guard your Yes!
Tailgating, Pretexting, and Baiting – Oh, My!
What on earth? Okay, so these are other types of attacks based on social engineering and human behavior. They take full advantage of how people REACT without thinking when under stress. We will give a general introduction and if you want to know more, there is PLENTY out there on the web that gets into more detail. A quick search will do it. For now, let’s start with “tailgating.”
TAILGATING – Sorry, this is not your friendly pre-game cookout in a stadium parking lot. In this context, tailgating involves an unwitting helper. You go to visit a friend in a high-rise building and need to get buzzed in the front door, or you go to work and use your fob or badge to open a door – the person who slips in behind you has just “piggy-backed” or “tailgated” into that building or office.
These folks do not have permission or security credentials, yet they get in. They may play on your helpful nature and walk in carrying what looks like an armload of coffees for co-workers, or parcels for delivery. Tailgaters possess the 3 F’s – they are Friendly, Familiar and Fast. Before you have a chance to question your interaction with them, they are gone and on to their in-house target.
PRETEXTING – Here, the scammers set up a good “pretext” or story to exploit or bypass normal security. This could be the “repair guy” who shows up in uniform to allegedly check an electrical hazard with your new smart-fridge, or someone who shows up at your business masquerading as a service provider on an urgent mission.
Pretexting plays into a false sense of security and trust around this “professional” and their reason for being there. This is a great way for criminals to gain access to routers, servers, laptops, phones and other devices that contain sensitive data or provide a gateway into a larger system that contains more sensitive information.
BAITING – This attack shares some of the hallmarks of phishing, but it ALWAYS promises a treat and is the ULTIMATE “carrot” scam! We have all seen posts on Social Media that promise a “FREE $50 Gift Card” or have received a call saying we have already won a “FREE stay at a resort.”
Baiting can also take advantage of our curious nature. Find a disc with a compelling label or a lone thumb drive lying around the break room and you might just pop it into your computer to see what’s on it. Find an official-looking doc “for your boss’s eyes only” and see that it mentions a link to “sensitive material” online. Pop back to your desk, visit the URL or download the doc in question and BAM. With any of these scenarios, you have personally opened Pandora’s Box!
There may be keystroke-logging malware that gets installed across the system in order to capture all the passwords and enable access to VERY sensitive, high-level data. There could be ransomware deployed that is designed to incapacitate a system or shut down access to key data until a ransom is paid. Baiting is an attack that exploits our curiosity and desire to get something for nothing. Bottom line – it works!
Easy Ways to Improve Your Online Security
- Create strong, SLICK passwords
- Use a different password for each account
- Do not daisy-chain your online accounts
- Lock all your work devices – personal ones too. It is a good practice.
- Shred, shred, shred! Anything with your name, address, account numbers or personal identifying information. Shred it all using a high quality at-home shredder. You can also take it by the box to a place where you watch as they pulverize it for you. Always makes for a fun break in the day!
- Presume the worst of strangers who are very nice, in need of help or have their hands full. Make sure you know your company’s policy re letting people without proper credentials (or with non-working, potentially fake credentials) into the building.
- Resist the urge to be curious! Take the object of your curiosity to your boss or the person in charge of IT security. EXPLAIN your concerns re baiting and do NOT assume they know more than you do. Follow up with an EMAIL or paper trail that explains the situation, your concern, and how and with whom it was left.
Next month we will dig into the ART OF THE PASSWORD and show you how to “Build a Better Password.” We’ll tell you what the pros know that you MUST know and give you some great DIY tools to make you more secure.
Need Answers to Estate Planning Questions?
We handle wills, trusts, estate planning and financial or medical power of attorney. If you want to protect an aging relative from losing their hard-earned money to fraud, or if you feel overwhelmed because a loved one has passed away without benefit of a will or trust, call my Los Gatos office at (408) 376-2755 to request an appointment.
You are welcome to print this Free 30-Minute Legal Consultation Certificate.
Let’s get some of those questions answered!
This blog contains general information and is not meant to apply to a specific situation. Please seek advice of counsel before proceeding as each case is unique.