Your IT Support Experts

We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

  

USA Computer Services Blog

USA Computer Services has been serving small and medium sized businesses since 2012, providing IT Support such as technical helpdesk support, computer support and consulting.

This Halloween, Hackers are Pretending to Be You

This Halloween, Hackers are Pretending to Be You

Halloween is a great time for people of all ages to let loose and embrace their spookier, darker side--even though they aren’t. For hackers, however, every day is like Halloween, but with ill intentions. Hackers will pretend to be someone they’re not in order to scam you out of sensitive data or personal information. By identifying their tricks, you can keep hackers from getting their treats.

The aforementioned tricks are typically characterized as social engineering tactics, where a hacker will trick users into thinking that they’re a trusted organization, or even someone within their own business. Unlike those who participate in Halloween dressed in silly costumes, it’s not so easy to distinguish a social engineering attack from normal everyday occurrences. This is what makes the trick so convincing. Therefore, it’s imperative that you know what to look for, and how to address it properly. Also, in the same way you check your kid’s trick-or-treat candy for anything that might be harmful, you need to view unsolicited digital communications with a degree of healthy skepticism.

The unfortunate fact is that social engineering attacks (including phishing scams) work, which is why they’re commonly used by hackers. Even the most vigilant user can fall victim to a social engineering scam, which prompts people to wonder what makes a social engineering attack so effective. Researchers from the University of Erlangen-Nuremberg in Germany decided to pursue this thought and performed research into what makes people want to click on suspicious links.

Zinaida Benenson presented the university’s findings at the most recent Black Hat convention in Las Vegas. It was discovered that the success of social engineering attacks was largely due to the hacker understanding the circumstances of the scam and personalizing the link to appeal to the victim at that specific time: “By a careful design and timing of the message, it should be possible to make virtually any person to click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message content and context."

In other words, proactive training and education aren’t enough. Even the best employee could click on a link that aligns with their personal interests. ZDNet uses the example of an employee who has recently attended an event and is then sent a link to an online photo album containing memories of the event. The user will want to click on the link to see what the photos are, regardless of who it’s from. Once he has done so, the hacker succeeds; he has appealed to the natural curiosity of the user, and thanks to the timing of the message, the user is almost guaranteed to click it.

Another common example is an employee who is experiencing persistent technical trouble with their workstation. They might receive an email from “tech support” claiming that the problem can be resolved by downloading remote access software. The frustrated employee will click on the link because it fits their current needs and situation and because users typically trust tech support.

Just like how it takes energy to build an impressive Halloween persona, these hackers require immense time and preparation in order to successfully pull off a social engineering scam. These types of personalized attacks make social engineering scams challenging to protect yourself against. Yet, not all hope is lost. Educating your employees on security best practices and implementing spam blocking solutions designed to eliminate spammy emails may be the best way to avoid a fright.

Have a safe and happy Halloween, from all of us at USA Computer Services.

Tip of the Week: 2 Cool Services that Let You Try ...
DDoS-for-Hire Botnets are Causing Major Headaches ...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, December 22, 2024

Captcha Image

Customer Login

Contact Us

Learn more about what USA Computer Services can do for your business.

Headquarters:
525 North Tryon St. #1600
Charlotte, NC 28202

Additional Location:
859 Willard St #400
Quincy, MA 02169
Additional Location:
60 State Street #700
Boston, MA 02129