Give us a call

Ferrum Technology Services Blog

Ferrum Technology Services has been serving the Elgin area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

This Halloween, Hackers are Pretending to Be You

This Halloween, Hackers are Pretending to Be You

Halloween is a great time for people of all ages to let loose and embrace their spookier, darker side--even though they aren’t. For hackers, however, every day is like Halloween, but with ill intentions. Hackers will pretend to be someone they’re not in order to scam you out of sensitive data or personal information. By identifying their tricks, you can keep hackers from getting their treats.

The aforementioned tricks are typically characterized as social engineering tactics, where a hacker will trick users into thinking that they’re a trusted organization, or even someone within their own business. Unlike those who participate in Halloween dressed in silly costumes, it’s not so easy to distinguish a social engineering attack from normal everyday occurrences. This is what makes the trick so convincing. Therefore, it’s imperative that you know what to look for, and how to address it properly. Also, in the same way you check your kid’s trick-or-treat candy for anything that might be harmful, you need to view unsolicited digital communications with a degree of healthy skepticism.

The unfortunate fact is that social engineering attacks (including phishing scams) work, which is why they’re commonly used by hackers. Even the most vigilant user can fall victim to a social engineering scam, which prompts people to wonder what makes a social engineering attack so effective. Researchers from the University of Erlangen-Nuremberg in Germany decided to pursue this thought and performed research into what makes people want to click on suspicious links.

Zinaida Benenson presented the university’s findings at the most recent Black Hat convention in Las Vegas. It was discovered that the success of social engineering attacks was largely due to the hacker understanding the circumstances of the scam and personalizing the link to appeal to the victim at that specific time: “By a careful design and timing of the message, it should be possible to make virtually any person to click on a link, as any person will be curious about something, or interested in some topic, or find themselves in a life situation that fits the message content and context."

In other words, proactive training and education aren’t enough. Even the best employee could click on a link that aligns with their personal interests. ZDNet uses the example of an employee who has recently attended an event and is then sent a link to an online photo album containing memories of the event. The user will want to click on the link to see what the photos are, regardless of who it’s from. Once he has done so, the hacker succeeds; he has appealed to the natural curiosity of the user, and thanks to the timing of the message, the user is almost guaranteed to click it.

Another common example is an employee who is experiencing persistent technical trouble with their workstation. They might receive an email from “tech support” claiming that the problem can be resolved by downloading remote access software. The frustrated employee will click on the link because it fits their current needs and situation and because users typically trust tech support.

Just like how it takes energy to build an impressive Halloween persona, these hackers require immense time and preparation in order to successfully pull off a social engineering scam. These types of personalized attacks make social engineering scams challenging to protect yourself against. Yet, not all hope is lost. Educating your employees on security best practices and implementing spam blocking solutions designed to eliminate spammy emails may be the best way to avoid a fright.

Have a safe and happy Halloween, from all of us at Ferrum Technology Services.

Tip of the Week: 2 Cool Services that Let You Try ...
DDoS-for-Hire Botnets are Causing Major Headaches ...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 07 November 2024

Captcha Image

Blog Archive

2012
January
February
March
April
May
June
July
August
September
October
November
December
2011
January
February
March
April
May
June
July
August
September
October
November
December
2010
January
February
March
April
May
June
July
August
September
October
November
December
2009
January
February
March
April
May
June
July
August
September
October
November
December
2008
January
February
March
April
May
June
July
August
September
October
November
December
2007
January
February
March
April
May
June
July
August
September
October
November
December

Mobile? Grab this Article

QR Code

Contact us

Learn more about what Ferrum Technology Services can do for your business.