How Cyber Criminals Use Social Engineering to Hack Businesses

Increasing numbers of businesses are installing security software to protect against hackers, but there is a form of cyber crime that software can't prevent. Antivirus software and firewalls reduce the threat of malware and viruses, but they can't stop the most sophisticated cyber criminals.

Many cyber criminals are now part of large networks, and they share strategies and tools. There are underground marketplaces where they buy and sell identities, information and software used for hacking. The methods used by cyber criminals are constantly evolving, and they are now using sophisticated techniques to trick victims into revealing sensitive information.

Social engineering is a tactic used by criminals to manipulate people and lure them into a false sense of security. Common social engineering attacks include the following.

1) Phishing emails.

Phishing is a method used by cyber criminals to acquire confidential information such as account numbers, user names and passwords. A phishing email will typically contain the name and branding of a legitimate business to give the victim confidence it's from a trusted source. If you have any doubts that an email is genuine, contact the company it appears to be from to ask if they really do need to check or update your details.

2) Malware attachments.

Cyber criminals use sophisticated techniques to install malicious software. A common method is to hide malware in email attachments. A company may be sent what appears to be an invoice or other document, and by opening it, they expose systems to an unwanted download. The use of so-called 'ransomware' is on the increase, and this is typically hidden in emails.

3) Posing as support staff.

If criminals aren't able to hack past firewalls and antivirus protection, they may make direct contact with a company and pose as IT support staff. Using social engineering methods, they give the impression they are calling to help, but their goal is to trick a member of staff into revealing sensitive information. Criminals posing as support staff may also direct a victim to a bogus website from which malware is downloaded and installed.

4) Prize winner scams.

As the old saying goes, if something sounds too good to be true, it probably is. Pop-ups inviting you to 'click here' to claim a prize are used in social engineering scams and should be treated with extreme caution. If you haven't entered a competition, it's unlikely you've won a genuine prize. These scams often involve the victim being asked for bank details for a money transfer, and revealing these can result in your account being emptied.

5) Identity cloning.

Identity theft of individuals has been a problem for years, and criminals are now using the same techniques to copy the identity of businesses. A typical crime will involve copying a company's logo and using it in bogus emails. Fraudsters can use a company's identity to open credit accounts, issue invoices and place orders for goods and services. Facebook pages and other social media accounts are a rich source of information for cyber criminals to carry out identity theft of businesses.

Cyber crimes involving social engineering are on the increase. They often target more junior members of staff in a business, and can go undetected for some time. Vigilance is key, and business owners need to ensure that the risks are understood and that all staff are alert to suspicious activity.