Why Hack When You Can Con?



 


Social engineering is all about isolating one individual from the corporate herd

Most people would be shocked at how easily anyone might physically infiltrate an organization and gain access to sensitive data. In most cases, social engineering is a much more efficient choice than trying to hack into a company’s computer systems. The magazine Computing reports on a presentation by an ethical hacker at DTEXPO which illustrates this.

The hacker recounted a job in which he was tasked with breaking into a restricted site (with permission) and gaining enough access that he would have been able to blow up a vat of chemicals. He dressed the part by donning a high-visibility jacket and acted like he knew what he was talking about, which successfully tricked the employees into thinking he was supposed to be there. He then made friends with an employee in the smoking area outside the restricted site, and tagged along when the employee went back inside. This granted him all the access he needed.

The hacker emphasized that tricking humans can be very easy, and you don’t really need any technical expertise to do it. If you have some social engineering talent, you can cause just as much damage as a sophisticated computer hack.

“This is not a James Bond industry. This is not a super-skilled role where only the most technically capable can infiltrate a company,” the hacker said. “Sometimes, it just takes a bit of effort to infiltrate. I genuinely don’t feel like I can rob a bank, even though I’ve been in three scenarios in my job with banks. I know I could never hack a bank, but I know that if we narrowed down the actual people, we can hack the people once they've been segregated from the business. It's about separating the weak away from the pack.”

The threat isn’t insurmountable, however. The hacker stressed that if employees are prepared, they can identify and stop these attacks.

“It’s just a person, and we can defend against this person if we all work together,” he said.

New-school security awareness training can build a culture of security within your organization so your employees can cooperate with each other to defend against social engineering attacks.

Computing has the story: https://www.computing.co.uk/ctg/news/3082485/ethical-hacker-social-engineering


Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/social-media-phishing-test


