Have you heard of social engineering? In the IT world, it’s when the bad guys manipulate people into giving away confidential information. An unfortunate example of this comes from a story I read recently about where a hacker called into the main line of a local office and said the following:
“Hello, I’m Joe Shmo with AT&T working on an internet issue across the street at the car dealership. I’m just calling to confirm you aren’t having any problems or performance issues?”
The office stated that everything seems fine.
Jo Shmo continued: “Would you mind running an internet speed test? Just go to ATT.speedcheck.com and click on the ‘Test Speed Button.’”
The unwitting office person clicked the button, and *surprise!* the scam button link tried to download malicious code to the user’s system. Fortunately, the firewall security blocked the hack attempt. Unfortunately, it gave the hacker additional information, such as the user name, the web browser being used, and the public IP address of their company’s internet.
Moral of the story: cybercriminals are devious and manipulative, and they’ll find seemingly innocent ways to steal your data. It’s crucial to train your team to be suspicious of unscheduled calls, links shared over phone calls, and other attachments. Many times, hackers will do it without you ever knowing. Over the years, we’ve run dark web scans on many clients over the years and regularly find compromised accounts with passwords.
There are many great testing and training solutions available to keep you safer and aware, and I encourage you to make it a priority to start training today. We can help! In the words of Sgt. Phil Esterhaus of Hill Street Blues, “Let’s be careful out there.”