Your mission: Stay safe from Social Engineering scams
Social engineering & Hungry Hackers
Cybercriminals are hungry for your clicks and information! They will do anything to get their hands on your data – even trick you psychologically. Social engineering is when a Hungry Hacker tries to trick you into giving them your private information or allowing them access to an otherwise restricted area.
Despite network and spam protection, most successful phishing attacks occur within a safe email server environment.
About the controller – What is Pretexting?
Pretexting is a form of social engineering where hackers focus on setting the stage and building trust. They create a believable backstory and scenario that they hope you will ‘play along’ with, so that they can get access to your private data.
Identity theft
Pretexting is often carried out by a cybercriminal posing as a representative of some service or authority, claiming to need your login information or password to confirm your identity or to fix a specific issue. Hungry Hackers steal your data and often use it to commit identity theft or to execute ‘Stage 2’ of their cyber attack.
Skip the side quests – avoid phishing scams
Phishing scams are currently the most common type of social engineering attack that occurs online. Any successful phishing scam aims to gain your data by tricking you with fake links, attachments or web pages. For a phishing scam to work correctly, Hungry Hackers need to make you feel a sense of urgency, curiosity, excitement or even threat.
There is no universal template for phishing emails, so it is essential that you are always in ‘Aware Mode’ to stop any nasty inbox invaders from tricking you.
70 – 90% of all malicious data breaches are related to social engineering & phishing attacks.
Deceptive phishing
You will receive an email from a familiar sender. It will address you with a generic greeting and require your login information to confirm your identity.
This is one of the most typical phishing scams, and it will often try to trick you by asking you to reply with login information, click on a fake link, or even click on a legitimate link to a webpage that has been ‘pharmed’.
1.5 million new phishing websites launch every month.
Spear phishing
This scam is commonly found on social media sites or in emails from recognised senders. This time, the Hungry Hacker takes it to the next level and even addresses you by your name and imitates a known or familiar service.
But once you fall for the scam and interact with it, your Cyber Safety Health instantly decreases and cybercriminals can gain access.
95% of successful attacks on business networks are due to successful spear phishing.
CEO fraud
These phishing scams have larger targets – CEOs & corporations. Cybercriminals lure or threaten people who hold vital information about finances, company operations or even the employees.
Sometimes they coax executives into divulging employee W-2 information. Hungry Hackers can then access info on your salary, tax, medical aid information and much more.
CEO fraud has risen by over 500% since the start of 2018.
Vishing
These scams are often conducted via telephone. By impersonating public entities such as banks and other services, cybercriminals try to trick you into giving out sensitive data, so they can gain access to your identity and personal life.
Smishing
This phishing scam occurs via text message on mobile devices. Hungry Hackers pretend to be a public service and try to coax you into clicking a link or replying with vital personal information to confirm your identity.
The sense of urgency usually conveyed by the cybercriminal is what makes this scam work well.
Pharming
Cybercriminals set up detours and invisible walls to get all the critical data and even funds they want from corporations. Introducing a corrupted cache onto a server ‘poisons’ the Domain Name System (DNS), so that all the traffic is diverted to fake pages and servers under a new IP address.
Cybercriminals and their malware collect visitor data, and the malware can now even be installed automatically on various systems with ease.
Zombie phishing
The rising risk of phishing scams has resulted in several victims giving up their data by clicking on the wrong link or installing illegal software. Cybercriminals can now use your email address and profile to take the scam to the next level, and roleplay as you.
Using this profile, they can either spread their scam to all your contacts or commit a secondary crime with your data.
Outsmart their strategy – Baiting & Quid pro quo
Much like phishing, baiting scams involve a cybercriminal getting into contact with you to offer you something enticing, which seems personalised and available for a limited time only. This promise usually leads to you having to divulge your info or click on a shortened URL that leads to a malicious site or download.
Quid pro quo (Latin for ‘a favour for a favour’) is a popular social engineering method Hungry Hackers use to gain access and info. Posing as an essential service, they may offer to fix your problem over the telephone or email, but only if you give them something in return. Cybercriminals can easily manipulate their way into restricted areas this way.
Over 98,000 COVID-19 domain names released since January 2020.
Not just digital
Baiting and ‘quid pro quo’ are not limited to the digital realm, and plenty of scam artists are out there waiting to use their cheat codes and steal your data and funds in other ways.
Let the Hackers lose – how to stay cyber safe:
We maintain strict controls to help protect our networks and systems from cyber-attacks. Even though these measures are in place, cyber threats are still evolving, and their numbers are increasing. And although staying cyber safe is a cooperative effort, your cyber safety is a single-player game.
What moves can you make to protect yourself?
- Take note of grammar and spelling errors in emails.
Most legitimate entities have proofreaders checking their emails.
- No calls from unknown numbers.
If you can’t trace the call, it’s best not to pick up.
- Don’t give out personal information over the phone.
Log in to an ‘https’ site to confirm details.
- Call back instead.
When asked for personal information on a call, opt instead to call the entity back on a legitimate number.
- Take note of tailgating.
Don’t allow anyone onto the company premises that cannot provide proper authorisation or identification. Don’t tolerate tailgating.
- Don’t click links in emails.
Instead, research the entity’s website online or alternatively visit that URL.
- Check the sender’s email address.
Ensure spelling and punctuation match prior communications. If suspicious, report it to your IT department.
- Keep your password hidden.
Don’t ever give your passwords to anyone, and change them regularly.
- Be sceptical.
If you doubt the instructions provided by a colleague or executive via email in any way, be sure to confirm with a superior via telephone before proceeding, especially if those instructions are to grant access to another source, or concern anything related to finance or critical processes.
- Stick to ‘HTTPS’ sites.
Always check for ‘https’ at the start of any website’s URL.
- Keep your anti-virus updated.
Perform regular virus scans.
- Activate Multi-factor Authentication (MFA).
Activating this makes it a lot harder for Hungry Hackers to gain access.
Report any suspicious activity to your local IT department or report the email to phishingreport@sappi.com