Fraudsters are no longer the slick wise guys you see on TV who can charm their way into anyone’s savings account. Today’s swindlers are more likely to appear as computer whiz kids who like to masquerade as a Nigerian prince or Bill Gates on the internet. And here’s the amazing part: Some people fall for these cons.
Make no mistake, these scam artists have many tricks up their sleeves apart from phishing emails. So it might not be today, it might not be tomorrow, but one of these days you or your employees will become a target of a cyberscam if you’re not careful.
The bait and switch
Phishing scams are a hacker’s bread and butter, but the bait and switch is another common con with an alarming success rate because it preys on people’s curiosity.
The classic example of a bait-and-switch con is when a scammer leaves a virus-laden USB drive in an open space with the hope of someone picking it up and inserting it into their PC. Another example is when hackers leave malicious links on web pages, waiting for someone curious and stupid enough to click on them.
While these tricks can be easily avoided, baiters use sophisticated tactics to bamboozle their targets. For instance, instead of just posting a link, they can entice people into clicking it by offering free software or even the chance to win a “free iPhone.”
Not all scams involve super advanced computer skills. The piggyback scam relies on taking advantage of someone’s authorization to break into a secure building.
And it doesn’t have to be as elaborate as Ocean’s 11. In most cases, attackers will befriend one of your employees during lunch and follow them back into the building afterwards. They could even disguise themselves as everyday employees who claim to have lost their badge and ask others to let them in.
Once inside, they can do pretty much anything they want. They can install spyware, infect systems with ransomware, steal your favorite mug, and basically destroy your company from within.
The “prank” call
If piggybacking doesn’t work, there’s always the telephone equivalent of phishing, also known as vishing. In this scam, the fraudster, usually posing as tech support, calls and warns the victim about a potential problem with their computer. They’ll then ask for personal information, login credentials, and a deposit to do their “job.”
These scams are effective because they demand a quick response. Unlike phishing scams, where you have a few minutes to determine the authenticity of an email, vishing scams create urgent situations to convince victims to make poor, split-second decisions without thinking about where the call came from.
What’s more, hackers, like many con artists, are resourceful creatures that do a fair amount of stalking before they make their move. They check your company website, your LinkedIn pages, and even go into your trash to dig up files they can use to put on a persuasive performance.
The worst part is there’s no cutting-edge security tool designed to detect any of these scams. Your best form of defense is security awareness. That means you don’t pick up strange items and plug them into your computer, and you do hang up when someone asks you to divulge sensitive information over the phone. Even if it means shutting the door in someone’s face because they have no ID badge, you have to do it.