This Halloween, don’t get tricked by the haunted hack! For the scariest of hackers, every day is like a reverse Halloween as they try to scam victims by pretending to be someone safe and trustworthy–a persona that they’re really not.
Did You Know? Tricks of this nature are categorized as social engineering!
Unlike a child dressed as a ghoul on Halloween, scams of the social-engineering variety are much more difficult to spot. When it comes to protecting yourself from these targeted scams, it’s imperative that you know what to look for. Also, you need to view unsolicited digital communications with a degree of healthy skepticism. Unfortunately, social engineering tactics like phishing scams work, which is why hackers increasingly use them. This begs the question; why is it that users so easily fall for these scams, even if they’re aware of the security risks?
Researchers from the University of Erlangen-Nuremberg in Germany sought to find this out by studying the reasons why people click on malicious links. According to Zinaida Benenson, “by a careful design and timing of the message, it should be possible to make virtually any person to click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message content and context.” Translation; even with proactive training and education, the best employee could potentially click on a link if doing so fits into their current interests or piques their curiosity.
Here are some examples of how phishing could happen in daily life:
- A partygoer who attends a recent event and then receives an email containing a link to photos of the party. Naturally, the user will want to click on the link, regardless of where it’s from. In this example, the hacker effectively appeals to the natural curiosity of what might be contained within; when coupled with such personalized context, it’s almost guaranteed that they’ll click it.
- An employee who’s experiencing technical trouble with a workstation. They’ll then receive an email from “tech support” suggesting they click on a link and download remote access software. If the employee is frustrated and they can’t get their PC to work properly, they will follow the email’s instructions for two reasons: 1) The context fits the situation, and 2) People tend to trust tech support.
Like the work it takes to create an impressive Halloween costume, these hacks rely on a level of preparation and cunning by the hackers. . The possibilities for you and your employees to be tricked by spear phishing attacks and thus, end-user errors, are limitless.
At the end of the day, having a staff that knows how to spot a trick, and a network that’s free from scary threats, is the greatest treat a business owner can ask for. ActiveCo’s ongoing security awareness training helps your team know what to look for when hackers go phishing. If you have concerns for your business security, we may be able to help alleviate with some simple education, testing or some helpful applications, reach out to us right away!
Have a safe, secure and Happy Halloween from all of us at ActiveCo Technology Management.