Don’t Be Fooled for Halloween

October is known as the spookiest month because of Halloween, but it is also Cybersecurity Awareness Month (CSAM). CSAM is a collaboration between government and private industry to raise awareness about online privacy and security. It is about empowering everyone to protect their personal data from online crimes. Join us in the celebration of keeping everyone safe online! Your organization should focus on social engineering and on recognizing and reporting phishing.

What is Social Engineering? 

People are the weakest link in all organizations. Hackers know this, and they exploit that weakest link: you and me. They do this through a technique called social engineering. Social engineering is the act of manipulating, influencing, or deceiving you in order to gain control over your computer or get you to send them sensitive personal data. The attacker might use email, texting, or a phone call to gain illegal access.

How Do They Do This?

The hackers will use every trick in the book to get what they want. Sometimes they can even be charming and nice. It’s up to us to be vigilant. If you have doubts about whether something is legitimate, slow down and double check. If it seems too good to be true, it probably is, because hackers will promise you anything. If you feel threatened or intimidated, this is another sign that a hacker is trying to get you to do something you shouldn’t do. Some of the tactics they will use are as follows:

·       Fear.  Fear of losing your job.  Fear of exposure.  Fear of blowing a big deal.

·       Urgency.  It will be critical and time sensitive. It will be an emergency and they will apply pressure so you act without thinking about it.

·       Kindness.  We all want to be helpful, and the hackers know this too.  Always go the extra step to ensure the person is who they say they are, especially if they want something valuable or if it is urgent.

What Can You Do?

·       Be suspicious and be careful.  Challenge the requester’s identity if you need to.  Don’t assume that the caller ID on your phone or the email is legitimate.  If it is legitimate, they won’t mind if you call them back at the publicly listed phone number.  In emails, you may receive an innocent-looking link or attachment that isn’t safe.  Contact the real person or organization through a KNOWN and SAFE method before continuing the transaction.

·       Confirm their request.  Always ask.  If something doesn’t seem right or they aren’t giving you the information you need, ask them to talk to your manager or another trusted colleague.  Hackers usually don’t want to hang around or get more people involved.  They want to be quick.

·       Slow down and pause interactions.  Don’t let yourself be forced into sending information or making a decision quickly.  Real interactions take time and people understand this.  Use caution, especially if the requester states that it is urgent.

·       Be comfortable saying “I need to check”.  It’s better to be safe than sorry.  A lot of socially engineered plots don’t hold up under close inspection.  Asking just a couple of additional questions, such as “Let me verify this”, “Who are you?”, “Why do you want this?”, and “What will you do with it?”, is enough to find the fake.

·       Follow all policies and procedures.  If you have questions, ask IT.
