Posted on Mar 30, 2020
Hackers will exploit our fear and doubt every opportunity they get. They take advantage of the one weakness every business has: human psychology. Using social media and other channels, these attackers manipulate people into handing over access to sensitive data through fear-mongering or trust tactics. In the wake of the recent COVID-19 pandemic, they will go as far as using our fear of the biological virus to infect us with a digital one.
Take, for example, the advisory released by the World Health Organization warning of ongoing scams following the outbreak of COVID-19. These scams exploited individuals’ fears and the uncertainty of the disease’s spread. For example:
During this prolific period of change, we need to be on the lookout for these four types of cyber crimes that leverage our emotions in order to gain sensitive data:
Phishing is one of the most common “scareware” tactics hackers use to leverage our fear in order to obtain personal information. At a high level, phishers seek to accomplish three things:
Phishers can use social platforms and other media to target their victims, and they aren’t worried about taking advantage of confusion during a crisis. The major signs of a fake social account include:
Always trust your gut and don’t accept a friend request from somebody you don’t know.
Baiting is similar to phishing in many ways. However, the cyber criminal will entice their victims with the promise of goods. For example, baiters may use the offer of a free movie download to trick users into giving them their login information. During this time of social distancing, many people may fall for this trick due to isolation and boredom.
Baiting is not restricted to digital schemes, either. In July 2018, state and local government agencies received Chinese-postmarked envelopes that included a jumbled letter and a compact disc (CD). The premise was to pique interest so that recipients would load the disc and inadvertently infect their computers with malware.
Pretexting is another type of social engineering where cyber thieves steal personal information through a fabricated guise, or a good pretext. In these types of cyber attacks, the scammer will ask for specific bits of information from their victim to confirm their identity. In actuality, they will use the data to commit identity theft.
Pretexting works by building a false sense of trust with the target. This requires the scammer to create a credible story that leaves no room for doubt. Pretexting can take on many forms, including scammers masquerading as HR personnel, as Verizon found in its 2019 Data Breach Investigations Report.
Similar to baiting, a quid pro quo attack promises a perk in exchange for sensitive information. The benefit is typically a service, whereas baiting promises goods.
One of the most recent quid pro quo attacks involved scammers impersonating Social Security Administrators. They contacted random victims to tell them that there had been a computer issue on their end and asked those individuals to confirm their Social Security Number.
Every organization must remain vigilant during this trying time. It is only through good hygiene – both personal and digital – that we can stop the spread.
SecurityScorecard allows you to take a proactive approach to managing social engineering risks. By leveraging our platform capabilities, you gain an outside-in view of your organization’s cyberhealth and better understand the risks in your IT infrastructure.
SecurityScorecard Ratings provide you with the ability to continuously track your cyber-health, helping to prevent social engineering attacks before they can happen.