Social Engineering Serious Threat

What Is Social Engineering?

Social Engineering

The threat of social engineering scams has grown more than ever because so many business employees now work remotely, and social engineering comes in many forms. The most commonly discussed is phishing, but it gets much more intricate than that. We know about the hackers who use their technical skills to access and infiltrate a hapless victim’s computer and steal sensitive data.

There are other types of cybercriminals, however, who use techniques to undermine their victim’s cyber defenses. They’re called social engineers, and they exploit the greatest liability in any and every industry: human beings. They use social media, phone calls and emails to trick people into willingly giving them valuable or desired information.

You may have heard stories of people getting calls offering credit card deals or one-time promotions. The callers try to take their target’s information by claiming to be a representative of this or that company and requiring the target to give them credit card information. This is social engineering.

In this article, we’ll focus on the most common types of social engineering attacks used to manipulate victims into divulging information.

Scareware

Scareware involves victims being flooded with false emails and threatening notifications. Users are made to believe their computers are infected with malware or viruses, which encourages them to download software that infects the user’s computer with malware and viruses. Other names for scareware include deception software and fraudware.

Some of you may have encountered scareware at some point. It comes in the form of banner ads or pop-ups that warn you about having an infected computer. These offer to install the software for you and direct you to a malware-infected site where your computer becomes vulnerable.

It can even spread through spam email, so be wary of the messages you open.

Worm Attacks

In the past, worm attacks have exploited the philosophy behind scareware, aiming to attract user attention to a malicious link or file. Worms were used most in the late 1990s and early 2000s, but it’s still important to be aware of how they were so successful.

In 2000, the “ILOVEYOU” worm spread through email attachments and managed to infect tens of millions of Windows computers throughout the US. It started in the Philippines and spread to the west via corporate email systems, causing an estimated 5.5-8.7 billion in damages.

Victims received an email inviting them to open a love letter. When they opened the file, the worm copied itself to all the contacts in the victim’s address book. Notice that social engineering is about manipulating human emotion to gain an advantage over someone and their information.

Malware links, as mentioned above, contain provocative words or graphics that compel you to open them, bypassing any anti-virus filters your mail could have.

Baiting

Baiting is what it sounds like: baiting the victim by appealing to greed or personal interests. This is particularly insidious because it often discourages the victim from reporting an attack. An unsuspecting user will read an email offering fake deals and shortcuts like free internet or other illegal benefits.

When these emails are opened, the trojan virus attached to the email or file corrupts or encrypts the computer, or spreads further through the entire system.

The victim will most likely be too embarrassed to disclose their reasons for opening the email in the first place, so it goes unreported.

A perfect example of this technique was when a trojan virus was sent to the corporate email addresses of employees in the form of a recruitment website. The criminals knew that the employees would be reluctant to tell their employers they were infected with a virus while looking for other jobs.

This type of attack isn’t limited to email, either. Cyber criminals have also used USB drives infected with viruses. The drives are left lying around, and all it takes is one person curious enough to plug one into their machine to ruin everything.

Pretexting

Pretexting is a social engineering technique that uses cleverly developed lies and deceptions to obtain information. Pretexting is usually done over the phone as opposed to online. The attacker will pose as an important figure, perhaps a CEO of an IT company or a vendor, and use that as a pretext to gain desired information from the victim or victims.

This also requires the social engineer to develop a friendship with the victim through this impersonation. The impostor asks the target a series of questions as an authority figure, lulling the victim into a false sense of security.

The key in pretexting is manufacturing a scenario that the social engineer uses to engage their victim. A famous case dates to the 1970s, when Jerry N. Schneider used old invoices and manuals obtained by scavenging trash to start a profitable business. He got the invoices by looking through the Pacific Telephone and Telegraph dumpsters. He then used that information to acquire new telephone equipment, posing as a high-ranking member of the company, and sold it back to PTT through his own company.

Phishing

Phishing is the most common type of social engineering scheme. The attacker creates a fake version of an existing website of a highly regarded or renowned company and sends the link to targets through email or social media. The reason it’s so low on the list is that it’s been discussed at length in other blogs.

Vishing

As we’ve discussed, social engineers don’t always use the internet to gather information. Vishing is the use of Interactive Voice Response (IVR) to trick a target. The attackers attach the IVR to a toll-free number and trick people into calling that number and entering their information.

Tailgating

Tailgating is when a person uses an authorized person to gain access to a restricted area where some form of identification is required to get through.

This doesn’t work with large companies with advanced security features that require biometric scanning, for example, to get into the building.

What tends to happen is that the social engineer impersonates a delivery driver and, when an employee is entering the building, quickly asks the employee to hold the door so that they can make it through. This occurs more often in smaller businesses that have comparatively lax security.

Quid Pro Quo

Quid pro quo attacks offer benefits in exchange for information. The most common type of quid pro quo attack involves impostors who pretend to be IT service providers and make direct calls to as many members of a company as possible. These criminals offer their IT expertise to all their targets and ask the victim to disable their antivirus program to fix whatever issue is present at the time.

 

Social Engineering Statistics

Preventing Social Engineering Attacks

Now that we’ve discussed the types of social engineering techniques, you might be wondering how to defend against these types of attacks. If you’ve made it this far, then congratulations: you’ve taken the first step, which is knowing about them.

With the emergence of smartphone technology, which puts powerful computers in the hands of so many people, information is very easy to come by. Unlike the days of Mr. Schneider, you don’t have to peruse through company dumpsters to access valuable data.

You, your company, employers or employees need to be more conscientious about what is posted online, whether it be on a website, a social media page or via email.

To keep your devices and accounts safe, it’s important to implement strong passwords and two-factor authentication. Invest in IT and take the necessary measures to add anti-virus software, firewalls and the like.

This is by no means a comprehensive overview of all types of social engineering; some are more detailed in nature and varied in scope. Tactics are changing with technology, and cyber attacks are becoming more and more laser-focused on specific targets. Instead of going for a large pool of potential targets, social engineers and cyber criminals will go for one or two individuals. They gather such specific information that distinguishing a phishing scam from a legitimate email is getting harder and harder.

Getting help from an IT service provider you can trust might mitigate the risks of falling for any one of these tricks.

For more information on phishing and other social engineering tactics, visit our website or call us for more information.

Nerds Support Contact Us Leaderboard

 


Workplace: What You Should Know

Software-as-a-service companies are more and more common these days. With many industries seeing the benefits of SaaS, there is growing interest in these types of services. However, finding the right service is the key. Of all hosted services, Workplace_ is among the best.

Workplace promotes remote team collaboration and improves employee productivity for your company. A cleaner, user-friendly interface allows you and your co-workers to find, access and share files, websites and apps easier than ever before.

What’s more, Workplace’s key upgrades assure its users better security and regulatory compliance, as well as make the platform a tool for remote workers and organizations who care about keeping their data safe.

So, what are the main changes that will transform your Workplace_? 

Makeover of the Workplace Web App in Windows and Mac

On Windows, you are able to resize the app as big as you wish, even entering full-screen mode on your computer. You can also minimize it as small as you want so it doesn’t take up the entire screen if you’re working with multiple applications or browser windows.

On Mac, Workplace works perfectly with the OS version, Mojave. Upgrades were installed, fixing an issue that previously affected users: the inability to see some virtual graphics products. Developers working on improving this app went above and beyond, not only fixing what users weren’t able to see or the app wasn’t able to display, but also enabling Workplace to function on multiple monitors.

Pin Any File or Folder to Your Launch Page

Workplace has a feature that allows users to “star” websites, applications, folders and files that you can open directly from the Launch page with just a simple click.

Workplace’s Feature: Websites

You are able to see all the websites you visit and work with on a daily basis in a section dedicated specially for that! You can “star” (or pin) a website to your Launch page and see the Websites section there, or you can visit the sidebar menu on the left to see all of your featured and frequently visited sites.

Also, you can save websites with or without including login credentials and set up your username and password without depending on a company manager to do so. And let’s not forget about the feature that allows you to share bookmarks and websites with your colleagues, increasing collaboration and team productivity levels.

Find All Your Hosted Apps in One Place

Speaking of simplifying workflows and increasing productivity, Workplace gives Citrix (“hosted”) applications their very own section. Click on “Hosted Apps” in the app sidebar and you will find all your hosted applications, or “star” the apps you use the most so they appear on your Launch page for quick and easy access.

Streamline device management, business continuity, & consistency of your remote operations with our Workplace cloud solution.

See If You Have Compliance Issues

All apps in the Workplace desktop platform have a feature that perfectly aligns with the company’s mission of keeping our customers’ data safe and improving security compliance. “Compliance Status”, the latest feature on Workplace, is implemented on both Windows and Mac machines. It checks your devices to see how your compliance level compares to the industry’s best practices.

What’s more, if you have compliance issues, recommendations will be made to fix the problem and get you to 100% compliance.

Run your Firm from the Cloud

Workplace provides a comprehensive solution that combines cybersecurity and compliance needs. The all-in-one, cloud-based platform delivers an intuitive experience that reduces the risk of data leakage.

You can protect your firm’s most important data by ensuring that all applications run only from this unified cloud environment. There are also improved continuity and disaster recovery features so your operation stays fully functional through any event.

Multi-Factor Authentication Keeps Your Firm Secure

Workplace also reduces the risk associated with logins and passwords. Employees access customized applications with one-click access. It also comes with multi-factor authentication that conforms to NIST (National Institute of Standards and Technology) guidelines.

Furthermore, Multi-Factor Authentication enforces authentication methods required by regulation. These methods are supported by both iOS and Android as well, so employees can use them regardless of device.

 

For more information on the cloud, cybersecurity and more, visit our website.

 


How CPAs Can Stay Safe During Tax Season

With Tax Season Comes Cyber Theft

Tax season can be a nerve-wracking, even confusing time as people rush to gather paperwork and file all their documents on time.

It’s a busy time for CPAs as well. With constantly changing tax forms and regulations, they have to educate their clients on how to file correctly and efficiently.

With that said, it’s important for both taxpayers and accountants to remain vigilant against tax-related cyber-attacks.

Prepare For Ransomware

The number of ransomware attacks has increased since the rising demand for remote work, and sensitive tax information has become more vulnerable to hackers. In many cases, cyber criminals freeze files and data until accounting firms pay a ransom.

However, paying the ransom doesn’t guarantee they won’t use the stolen data afterward. The most recent tactic employed by hackers is to extort a CPA by threatening to release the data online or sell it to interested parties.

This is done now because companies are backing up their data more frequently and can simply undo the freeze by recovering data from a point before it was infected with malware. In this case, the target can avoid the ransom payment altogether.

In response to properly secured data backed up on the cloud, cyber criminals are instead choosing to use the extracted data itself as leverage.

Some of you might be asking, “If hackers can extort my company by threatening to release client data instead of freezing it, what’s stopping them from doing it indefinitely?”

The answer is: nothing. In theory, once your data has been obtained, the thieves can use it in any way they deem profitable. There are even instances of hackers receiving the payment and continuing to use the data to file false returns.

Once they have the data, hackers rush to file taxes electronically before the victim can. If the victim is too late, when they attempt to file taxes, the IRS will reject their submission. This is because the IRS refuses tax returns when there are filings with duplicate Social Security numbers. Sometimes, scammers will pose as the IRS through phone calls and emails. Here are some facts to consider if you’re ever in this situation:

Tax Season IRS Phishing Hints Stats

Cyber Scams Come in Many Forms

A vast number of phishing campaigns are conducted by hackers during tax season. Emails, phone calls, SMS and text messaging are all mediums hackers use to manipulate targets. Some quick tips to help avoid a cyber breach are as follows:

Ignore Robocalls and Unfamiliar emails.

Anyone claiming to be the IRS through a phone call is obviously a scammer. But hackers are getting more sophisticated. Hyper-targeted email content is the best way a hacker can manipulate their victim into opening an infected attachment or link.

The rule of thumb for safe emailing is not to share information with unconfirmed or unknown email accounts.

Hackers will pose as the IRS, emailing clients a “tax transcript” as a way to get them to give up Social Security numbers, passwords, credentials, etc. Fraudsters use this ploy constantly. Any email that requests you provide sensitive data, no matter how legitimate it appears, should raise alarm.

Encrypt, store and track all data.

As previously mentioned, cyber criminals are getting more creative. There have been instances of hackers changing the address of a business so that notifications get redirected to another location.

Luckily, software exists to better vet and evaluate business returns.

This example illustrates the point that a breach might not have immediate red flags. Therefore, keep all data secure and encrypted.

Always send or input data on secure websites when needed. If you have data stored in the cloud, check that the provider follows the appropriate compliance mandates for security. Also, verify that they have a security plan and tools in place to guarantee your data remains in your possession alone.

91 percent of all cyber attacks come in the form of phishing scams.

The reason for this is simple: people will always be any organization’s greatest vulnerability.

Taking the steps required to recognize and prevent a phishing attack is the first, second and third priority of firms, businesses, and clients alike. All of the security and high-grade protection in the world is useless in the face of a careless user. There is only so much cyber security can do.

In the same way tax professionals adapt to changing tax codes and policies, they should adapt to the shifts and changes in cyber attacks.


Boosting Engagement, Productivity, and Supporting Your Employees Inside and Outside of the Office

Due to the impacts of the pandemic and efforts to keep individuals as safe as possible during these uncertain times, many companies have adjusted their business structure, adapted to a remote workforce, and made necessary technology advancements to meet the needs of their employees. Although a challenging time, it has also brought about many learning and growth opportunities for companies, leadership, and employees alike. As a business leader, you can continue to modify your company to the best of your ability while taking measures to boost engagement, productivity, and take action to support your employees whether they are working in the office or remotely.

1. Invest in technology for improved communication

Especially with a partially remote or fully remote workforce, technology is the main factor when it comes to productivity and efficiency. When technology is not properly set up to help employees, it can hinder their performance and motivation, especially if they are bogged down with manual tasks that can easily be simplified or made more efficient using technology solutions. It’s important to implement a communication and chat system for your employees to allow for collaboration or discussion. Investing in technology will improve the productivity of your employees and make their lives easier day in and day out. That initial contribution will provide you with more than enough return on your investment as your workforce will be better equipped to handle problems and improve daily output.

It’s also worthwhile to consider investing in IT solutions that can help with troubleshooting issues that your employees might not be able to solve on their own. Once again, this can save time and money by allowing your employees to find quicker solutions to problems with minimal impact on their workflow. In addition, it’s critical to educate your employees on ways to prevent cyberattacks when working remotely, and on viruses that can be harmful to personal or company privacy. Technology issues are inevitable, but having the appropriate tools and an IT consulting action plan in place will help navigate these problems and save your employees unnecessary headaches.

2. Optimize your employee onboarding experience

If you’ve had the luxury of taking on new talent during the last year, it’s more important than ever to have a well-developed workplace orientation program that can aid new team members in getting up to speed as quickly as possible. Again, if any of this process involves remote onboarding, it’s necessary to make sure new employees feel comfortable and connected with their new job and coworkers. Some ways that leadership and HR can deal with matters outside daily workflow is by explaining company benefits such as health, dental, or vision. Displaying plans for additional work perks, flexible spending options, and additional learning opportunities can be helpful information. It shows that your company is well-rounded and cares about the professional growth of its people.

3. Encourage employees to plan for their future

Another way to show your support is by encouraging your employees to plan for the future. Starting to contribute to retirement early on can have a huge impact on your financial future and the way you are able to support yourself in the years to come. As an employer, you can make it easy for your employees to contribute to their retirement by automatically taking a small portion out of their paycheck and applying it to a 401k or other retirement plan. Another protection that is helpful and necessary in this day and age for peace of mind is securing a life insurance policy. Having a plan in place has never been more critical and by taking the time to explore some of the best life insurance providers on the market, you can help encourage employees to secure their financial future and protect their loved ones. Taking the extra step to show you care about the well-being of your employees will go a long way in their trust for you and your business.

4. Implement a leadership or mentorship coaching program

Employee engagement is a key driver in creating a successful workflow and business structure. If you can count on your employees to deliver on time with quality work, you can focus your attention on bettering the business and improving the daily operations of your workforce. By implementing a program that trains managers and senior employees on how to be great leaders, you can further rely on others to provide necessary encouragement, support, and training that won’t take away from your responsibilities. Even your top employees can learn a thing or two about leadership and how they can improve their delivery to get better results from the employees under their supervision. Developing virtual seminars and providing programs to help employees further advance their leadership skills is a great way to improve your company by focusing on what matters most: its people.

5. Streamline or outsource business services

If you’ve been a hands-on owner who takes responsibility for managing the ins and outs of your business, you’re not alone. With that being said, there comes a time when you cannot effectively manage everything from business acquisitions to employees, to finances and relationships. It’s important that you streamline certain areas of your business to give yourself the time and energy to focus on tasks that need your attention. Especially for a small to medium-sized business, managed IT services can help you to accurately and easily handle your accounting, financial management, or logistics firm. Consider it a weight lifted off your shoulders as this forward way of thinking can help you organize your business and allow you to focus your time on your company leaders that require your guidance.

6. Create organized meeting plans and recurring check-ins

In a remote setting, it’s important to set recurring meetings and check-ins to help hold your employees accountable for their work as well as keep you informed about problems they might be facing. By coupling this with a mentorship program, you can encourage more senior employees to take ownership of these team meetings and create an open and encouraging environment. By setting clear expectations, goals, and initiatives, there is always a conversation to be had about successes and shortcomings—both of which are necessary for growth. You can rely on your IT solutions and advanced tech tools that can provide error-free virtual meetings, calls, and video chats. In addition, your employees will feel like they have a place to share their progress or talk through possible solutions.

7. Get to know employees on a personal level

One last piece of this puzzle towards growing a business in this unique way is gaining trust and connection with your employees. Getting to know your employees, their skillsets, talents, and their passions can help you assist them in their career progression. Knowing personal and professional strengths or weaknesses can help managers and supervisors provide the best feedback to help employees improve in specific areas of expertise. Inquiring about prior work experiences, education, or unique jobs is beneficial and it provides a level of connection. Encouraging employees to reach out with questions that might involve their job, technology, or career shows that your support goes beyond their daily production.

Technology adaptations and modern workplace solutions have allowed many businesses to transition to remote work quite seamlessly. With that being said, there are considerations for business leaders to continue to make modifications that can help improve their employee experience and productivity at the office or in a remote setting. By providing technology such as IT consulting, Managed IT services, and IT solutions, you can better serve your business and allow for a more streamlined approach to growth. By continuing to take steps to support your employees, improve your business structure and advance your technology, you will set yourself up for a successful future and business possibilities.

Nerds Support named on CRN Pioneer 250 2021 List

Nerds Support Ranks Top 250 on CRN’s 2021 MSP List

This week it was revealed that CRN®, a brand of The Channel Company, has named Nerds Support Inc. to its 2021 Managed Service Provider (MSP) 500 list in the Pioneer 250 category. The list, released annually, acknowledges the leading North American solution providers that have demonstrated groundbreaking and forward-thinking approaches to managed services. These services help end users improve functional efficiencies and navigate the ongoing intricacies of IT services while maximizing their return on IT expenditures.


About the CRN MSP 500 List

With advanced approaches to delivering managed services, MSPs have become an integral part of the success of organizations worldwide. They empower companies to leverage complicated technologies and maintain a rigorous focus on their core business without straining their budgets. CRN’s 2021 MSP 500 list identifies the industry’s essential managed solutions professionals who are setting themselves apart with best-of-breed solutions that offer the business results clients need.

The MSP 500 list is divided into 3 sections: the MSP Pioneer 250, identifying firms with business models weighted toward managed services and largely focused on the SMB market; the MSP Elite 150, acknowledging large, data center-focused MSPs with a solid mix of on-premises and off-premises services; and the Managed Security 100, recognizing MSPs focused primarily on off-premises and cloud-based security services.

“Effective MSPs make it possible for firms to concentrate on their core objectives while strengthening the quality and integrity of their cloud computing functionalities,” said Blaine Raddon, CEO of The Channel Company. “The service providers on CRN’s 2021 MSP 500 list deserve acknowledgment for their innovative and also forward-thinking methods to managed services, as well as the ability to optimize functional efficiencies and systems to optimize return on investments.”

About Nerds Support

Nerds Support consistently pushes the limits of what it means to be a Managed IT Provider, from offering special assistance to customers that were struggling through the uncertain months of 2020 to going so far as to obtain their SOC II certification last summer. This is evidence that they have not only the technology, but also the systems and expertise in place to keep businesses running even in the most unanticipated periods.

“My team and I are humbled to accept this award that exemplifies pioneering technological development in South Florida! I could not have done this without my remarkable team as well as customers that we have indeed been so privileged to continue supporting throughout this unpredictable year,” stated Nerds Support Founder & CEO, Scott Richman.

The MSP 500 list will be included in the February 2021 publication of CRN and online at www.CRN.com/msp500.
