
Cyber Hacker Breaches the Security of Thousands of Canadian CPA Firms

CPA Canada Breach Exposes Over 300,000 People

Data Breach in CPA Canada

A breach of CPA Canada exposed the personal data of over 300,000 Canadian accountants and stakeholders.

According to existing reports, the information pertained to the distribution of CPA Magazine. CPA Canada said credit card numbers and passwords were encrypted and not among the exposed data. The cyber criminals accessed CPA Canada members’ contact information on the organization’s website.

Approximately 329,000 individuals were notified of the breach and warned of possible attacks in the future.

CPA Canada warned members to stay vigilant for possible phishing emails, texts or phone calls that may come as a result of the attack.

Taking Secure Steps

Members of CPA Canada will have to check their emails frequently and be careful not to open any attachments from unsolicited messages.

CPA Canada took steps to secure its systems and its site; however, the breach could have happened months earlier. As is the case with many breaches, it’s difficult to pinpoint exactly when a breach happened.

The association ties the incident to an alert issued in April about a phishing campaign that requested users to change their CPA Canada password due to a website breach. This is a common way cyber attackers gain access to information.

A similar breach occurred after the launch of Disney Plus. Experts say that hackers sent fraudulent emails asking users to “verify” their passwords so they could be saved and sold on the dark web.

They explain that the emails originated from the IT department where the victim was employed. The emails indicate that the IT department suspected a security issue with the domain cpacanada.ca.

This is Nothing New For CPAs

Unfortunately, this type of event is too common for accounting firms. In April 2020, the IRS issued warnings to taxpayers and firms to be aware of phishing scams involving the stimulus checks from the CARES Act.

Cyber security experts advise accountants to take even greater care of their data, especially when working remotely.

Forced digitalization has left many firms more vulnerable to attacks than ever. The usual types of phishing attacks are all present, only now they’re more frequent. Hackers know that firms that had issues shifting to a remote environment left many digital vulnerabilities exposed.

The IRS itself had struggled with enabling employees to work remotely. Changes to internal systems and readjustments made to enable remote access leave gaps for attackers that firms might not otherwise have.

Some Firms are More Vulnerable Than Others

CPA Canada reports that all activities are normal for now, but things could have turned out much worse. Accounting firms that neglect their cybersecurity can quickly become the victims of hackers. The moment attackers gain access, they encrypt and freeze data until your firm pays their fee.

Larger firms are safer because they perform frequent audits and have security consultants on hand. However, smaller firms might not have the resources and cyber security skills necessary to protect themselves.

These firms still deal with sensitive financial information so they become preferred targets by hackers. It’s much easier for a hacker to attack several small firms than one larger one.

Conversely, firms experience attacks caused by spiteful or careless employees. Performing regular backups is better than doing nothing but there is no guarantee the hacker won’t just keep your data hostage. Paying the ransom doesn’t guarantee an end to the attack either.

How Do you Prepare Against Phishing Attacks?

The best way to prepare for an attack is to do incremental backups and to test those backups consistently. Backups are useless if you can’t restore your systems should something happen.

Working Remotely Adds New Risks

Now that CPA firms are working remotely, they might not have the same resources or security measures they would have in an office setting. Firm employees typically access applications through their secured office desktops. Accessing these same applications on a personal device could mean they are easier to breach even with a VPN.

If a CPA fails to assess the security measures needed to function remotely, it can leave the door open to a cyber attack that breaches systems quickly.

Compliance is Key

A way smaller firms can avoid scenarios like the one mentioned above is by applying best practices when it comes to IT security. Even if you are a smaller firm with limited IT personnel, there are Managed IT services providers that can supply you with the needed boost in security.

How? By doing what the larger firms are doing, applying best practices to all of your systems. A CPA has to follow strict compliance regulations in order to operate. SOX and FINRA regulations, for example, require regular audits that demonstrate sensitive financial data is kept safe.

The added benefit of achieving compliance is that it requires a secure IT infrastructure. By auditing and verifying compliance, firms are also checking for cyber vulnerabilities.

Cyber criminals have learned that companies are increasingly more difficult to infiltrate by directly breaking through their security systems. That is why they rely on phishing attacks to go around this problem.

Phishing Attacks Still Happen Because They Still Work

In the case of CPA Canada, a phishing scam exposed valuable information. Phishing scams are still the most popular form of cyber attack today. That is because they don’t target a network; they target the user.

Phishing is all about manipulating the target into performing an action. It can be downloading an infected attachment or clicking on a malicious link.

With phishing scams, hackers don’t have to worry about the strength of a firm’s network because no matter how strong the network, it’s only as strong as its most gullible employee.

It can be even worse when added to a remote environment. Having a dedicated team of IT experts available 24/7 improves an employee’s chances of avoiding a phishing attack altogether.

Nerds Support has comprehensive IT solutions that allow our technicians to flag and monitor potential email scams. However, the safest action to take if you have a limited IT team is to send suspicious emails over to your IT department rather than opening them yourself.

CPA Canada has contacted the Canadian Anti-Fraud Center and private authorities to conduct a proper investigation. Only time will tell the ramifications of this breach and how vulnerable those affected really are.

Top Security Tips for Safe Emailing

Not a day goes by without another phishing scam hitting the news. For many of us, these are just headlines. For the organizations and individuals affected however, a phishing attack can be disastrous. Phishing emails are increasing in frequency, sophistication and severity. How can you best stay protected?

Email threats

Criminals have realized that in order to steal money or information, you don’t need to rob a bank. A simple email will do the job just fine. Phishing emails have been used to steal huge amounts of money ($12 billion according to the FBI) and are responsible for countless data breaches, credential theft, ransomware attacks and other types of malware deployment.

What’s more, thanks to criminal activity on the Dark Web, it’s not only credit card details that are for sale – now full phishing kits are available, starting at around $25.

Most email threats fall into the following categories:

  • Simple scams
  • Phishing emails
  • Fraudulent emails

Simple scams: these range from the classic “you’ve won a competition” to “we’ve been recording you on your web cam” or “your account’s been compromised”. Generally, these are pretty harmless and easy to spot. They rely on emotions such as fear to trick a user into taking action.

Phishing emails: these are emails that purport to be from legitimate senders, yet are cleverly disguised fakes. They range from sophisticated Business Email Compromise (“BEC”) emails – where a fraudster targets someone specific in an organization pretending to be the CEO, for example – to more general emails pretending to be from Microsoft, Netflix, or any other well known organization.

These emails either get you to click a link or download a file – deploying malware onto your system – or direct a user to a fake website where they enter sensitive information.

Fraudulent emails: a subset of phishing emails, these emails target companies pretending to be from suppliers whose banking details have changed. Money is paid into the new account, and the fraudster rides off into the sunset.

Next, we’ll look at what exactly to look out for so that you don’t fall for any of these.

What to look out for

Here are the most important things to look for when checking if an email is legit:

Sender: start by looking carefully at the sender’s address. Not just who they say they are – but the actual address that the email is coming from. Check for any additional or missing letters (“@microsofts.com”), or even non-English characters that can be used to spoof well-known addresses. A common trick is the use of subdomains – don’t be confused by amazon.xyz.com.

Content: look out for anything that’s made to look urgent. Is the message addressed to you, or is it generic, like “Dear Sir”? Mouse over the links. Do they lead to the real company’s website? Assess what action the email is asking for: anything that requires you to “confirm your account” or “update your payment details” should be met with suspicion.

Be wary of any email that mentions voicemails that are waiting for you, or subscription details that need to be updated.

Advanced – header information: most popular email clients – including Gmail and Microsoft Outlook – let you see the original header information (in Outlook: File / Properties / Internet Headers). For more advanced users, going through these headers can give immediate clues as to whether an email is legitimate.

An important note: when it comes to emails, almost anything can be faked. When it comes to email phishing protection, a specific anti-phishing product is the best way to identify and stop phishing attacks. It’s also really important to stay aware, use a healthy dose of skepticism, and where possible confirm details with a phone call.
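The sender, content and header checks above can be partly automated. The following is an added example, not code from the original article: the trusted-domain list, the finding labels and the sample message are assumptions constructed for illustration, and because almost anything in an email can be faked, its findings are triage hints rather than a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this mailbox legitimately receives mail from.
TRUSTED_DOMAINS = ("microsoft.com", "amazon.com", "cpacanada.ca")
# Requests the article says should be met with suspicion.
SUSPICIOUS_PHRASES = ("confirm your account", "update your payment details")

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Microsoft Account Team" <security@microsofts.com>
Reply-To: helpdesk@example.net
To: user@example.org
Subject: Action required: confirm your account
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=microsofts.com; dkim=none; dmarc=fail header.from=microsofts.com

Dear Sir, your mailbox will be suspended today.
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-letter lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels only; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_domain(host):
    """Return findings for one sender domain (the 'Sender' check)."""
    host = host.lower()
    labels = host.split(".")
    findings = []
    # Non-English characters, or their punycode form, in the domain.
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        findings.append("non-ascii-domain")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return findings
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if edit_distance(reg, trusted) <= 2:       # e.g. microsofts.com
            findings.append("lookalike:" + trusted)
        elif brand in labels[:-2]:                 # e.g. amazon.xyz.com
            findings.append("brand-in-subdomain:" + trusted)
    return findings


def analyze(raw):
    """Run the sender, header and content checks over one raw message."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_host = from_addr.rpartition("@")[2]
    findings = check_domain(from_host)

    # Replies routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr:
        reply_host = reply_addr.rpartition("@")[2]
        if registrable_domain(reply_host) != registrable_domain(from_host):
            findings.append("reply-to-mismatch")

    # SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I):
        if result.lower() != "pass":
            findings.append(method.lower() + "=" + result.lower())

    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    for phrase in SUSPICIOUS_PHRASES:
        if phrase in text:
            findings.append("phrase:" + phrase)
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```
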

Staying Email Safe

By protecting your email, you’re taking a massive step in terms of keeping your entire organization protected against cyber threats.

A winning combination combines awareness, training, and tech-based solutions working together to keep you safe.

If you want to find out more about keeping your organization protected against cyber threats, don’t hesitate to get in touch.

South Florida Law Firms Ransomware Data Breach

Ransomware Attack in Coral Gables, Florida Puts Law Firms at Risk

Cyber Attack in Coral Gables, FL

The Coral Gables-based company TrialWorks, a software company that manages electronic records for thousands of law firms in the US, was subject to a ransomware attack. Digital legal documents were held hostage in a classic ransomware attack.

Last Thursday, one of the law firms whose information is kept by TrialWorks was forced to request more time to meet a filing deadline in an important case in federal court because it could not access its documents.

How did it Happen?

TrialWorks alerted its customers about the breach and stated it was caused by a Microsoft service outage affecting Outlook desktop and mobile apps, according to court records.

Software management services like TrialWorks continue to grow as law firms look to store their abundance of electronic documents in a host facility. This is part of a larger trend of digital transformation. In other words, the cloud. And as industries move their files and digital information to the cloud, security becomes essential against cyber threats. Government facilities throughout Florida have already suffered from cyber-attacks involving ransomware. Banks have experienced breaches as well.

Cloud computing is the natural progression of software technology. The old client-server model of getting physical disks and installing software on local servers was the only viable solution for the better part of two decades. Now industries are looking to cloud technology for a more practical approach to data storage.

TrialWorks alerted the law firms and attorneys that use its case management services that they could not access their electronically stored documents while they were resolving the breach issue. This created more issues, as TrialWorks informed customers that it had a high ticket volume and response times would be delayed.

The company merged with another company, Needles, and expanded greatly. Law firms using TrialWorks suffered significantly. Attorneys working cases couldn’t access the necessary files, creating setbacks that impact TrialWorks and all of their clients.

Data Breaches & Cyber Attacks

Data breaches, social engineering and ransomware attacks are devastating and are, unfortunately, underestimated by small and medium sized businesses. One of TrialWorks’ clients was a small firm of nine lawyers working on a civil litigation case. The TrialWorks breach slowed down their work. Their deadline issue was resolved; however, they have until November 14 to respond to a dispute over the testimony of an expert witness. This response requires access to critical documents in the case.

What happened at TrialWorks is not specific to them. In the month of September of 2019 alone there were 75 data breaches and a total of 531,596,111 breached records. This number is significantly less than August, which had 95 incidents total. However, there was an overall increase of 363% in terms of records breached.

A data breach happens when a cybercriminal successfully infiltrates data sources and extracts sensitive information. The more valuable the information, the likelier an organization is to become a target. The healthcare industry, for example, is often targeted. In fact, the medical industry is the top industry for cyberattacks. However, there are a number of other industries also vulnerable to attack.

The most targeted sectors for cyberattacks are the following:
1. Healthcare
2. Retail
3. Financial Services & Insurance
4. Public Administration
5. Information
6. Professional/Scientific
7. Education
8. Manufacturing

Among these, the top three are Healthcare, Retail and Financial Services. These verticals are where average consumers, clients and patients expose their most sensitive information.

South Florida Law Firms Ransomware Data Breach Statistics

Healthcare

In healthcare, hospitals house a lot of private data. A patient’s medical record, social security, insurance provider, and medication are all valuable to a hacker.

Retail

Retailers are lucrative because swipe-and-go payment machines and the high volume of transactions make credit card or debit card information accessible to cybercriminals through various methods like skimming. Skimming is a means of getting card data by creating duplicate payment cards and re-using the copies.

Financial Services

It’s well known that over 25 percent of all malware attacks target the financial sector. Cyber criminals target financial services companies by implementing Trojan viruses to steal banking information and download data. One of the most famous examples of this was the Equifax data breach. The company is estimated to lose over $600 million because of it. Furthermore, companies in the financial services industry are paying more to secure infrastructures and protect critical data from theft. That is why financial cloud computing is becoming popular in the industry. Cloud accounting technology is also on the rise. However, criminals are still motivated to commit cyber crime due to the low-risk, high-reward nature of cyber-attacks.

Not Your Average Theft

Unlike a physical robbery, it isn’t immediately apparent when you’ve experienced a data breach. It can take weeks, months or, in some cases, years before a breach is discovered. Hackers use this to their advantage, targeting the weaknesses within regulatory guidelines. That’s why it’s important not to take any compliance risks.

These cyber breaches are becoming more dangerous and harder to detect. A financial company’s IT infrastructure is not enough anymore. Organizations are adopting a more proactive approach by employing advanced cyber security software, multi-factor authentication and expert security response professionals layered on top of efficient cloud technology. As a result, financial cloud providers not only anticipate attacks as early as possible, but train financial services firms to assist in their own protection.

The breach at TrialWorks is a perfect illustration of what can happen to any firm in a number of industries. When you experience a breach, your company loses credibility, clients and resources, and has to deal with all the ramifications of the breach itself. There are long, extensive investigations into the nature of the breach, potential lawsuits and compliance-related hassles that can stall, if not completely ruin, a financial firm regardless of size.

For more blogs on cyber security news, fintech, the cloud and more visit our website.

DoorDash Gets Data Dashed After Breach

DoorDash Data Breach

The food delivery company DoorDash was compromised on May 4th 2019. The company said the data breach exposed the data of 4.9 million users, delivery workers and merchants. Fortunately, users who made accounts after April 5, 2018 were not affected by the breach. However, the breach exposed names, phone numbers, order histories, email addresses, and password information.  DoorDash said the breach happened through a third-party service. If it can happen to them it can happen to anybody and too often, it does.

DoorDash said in light of the hack, it took additional security steps to secure user data. It added security layers around the data and brought in outside consultants and experts to further identify and repel potential threats.

The company also said hackers obtained the last four digits of users’ credit card information. The customers’ full card numbers were not obtained, nor were the card verification values (CVV). The hackers also managed to steal the driver’s license numbers of about 100,000 delivery workers.

Hashing

DoorDash uses a method of protecting data called hashing. Hashing is a way of representing data in the form of a series of symbols. Moreover, it allows you to take an input of any length, say a password, and turn it into a string of characters that always has the same length.

There are algorithms, like SHA1 and SHA256, that do this for you and generate unique hashes. They will take a name like Thomas Johnson and turn it into something that resembles “aeb4048c96b086739900f4f4144cd1f5”. The good thing about these hashing algorithms is that there’s no way of reversing the process. If someone had access to the hash, they couldn’t reverse engineer the name. At least in theory.

Brute-Force Attacks

There are some methods of recovering the non-hashed password or information that hackers often exploit, sometimes quite successfully. One of these methods is called a brute force attack or a dictionary attack. The hackers take a long list of passwords and run it through the appropriate algorithm. Then the hacker takes the hash they wish to recover and looks for it in the list of hashes, like looking for a number in the phone book when all you have is a name. If they find a hash in the list that matches the one they have, they simply look at the plain text version on their list.

If you couldn’t tell, this is a very intensive process. However, experienced hackers will use huge word lists and run them through their systems. These systems can analyze passwords in a matter of seconds.

Hash Collision

Hash collisions happen when two sets of data correspond to the same hash. This is very rare but useful to an attacker. The hacker would be able to use a series of characters to access your account since it generates the same hash as your password.

DoorDash assured its users and the cyber community that the hashing routine used salt to increase its complexity. No, not actual salt. “Salt” in cryptography simply means adding random data to the input (the password going into the algorithm) so the hash is unique. This decreases the chances of a brute force attack or a hash collision.

Adding Salt to a Hash

Hashing isn’t foolproof. It’s deterministic, meaning a certain input will always give you the same output. Thomas Johnson as an input will always produce the same hash. So, if two people coincidentally use the same input for a password, they will both generate the same hash.

Adding salt to a hash means you take a random variable of a specific length and add it to the input. So, even if the input itself isn’t unique, the variable makes the hash unique. Metaphorically adding salt gives the hash a more distinctive flavor.
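The behaviour described in the last few sections, shown as an added example that is not DoorDash's code or code from the original article: an unsalted hash is deterministic and can be looked up in a precomputed list, while a per-user random salt gives two identical passwords different stored values. The article does not say which algorithm DoorDash used; the PBKDF2 function from Python's standard library, the iteration count, the record layout and the word list here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumption: iteration count; tune it to current guidance and your hardware.
DEFAULT_ITERATIONS = 600_000


def unsalted_hash(password):
    """Plain SHA-256: same input, same 64-character output, every time."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(wordlist):
    """The 'phone book' from the text: hash -> plain text for known words."""
    return {unsalted_hash(word): word for word in wordlist}


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Store a password as a record holding a fresh random salt and a slow hash."""
    salt = os.urandom(16)  # random data mixed into the input, unique per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(candidate, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


if __name__ == "__main__":
    # Constructed word list and passwords, for demonstration only.
    table = build_lookup_table(["letmein", "Thomas Johnson", "hunter2"])

    # Two users pick the same password: the unsalted hashes are identical
    # and both appear in the precomputed list.
    user_a = unsalted_hash("Thomas Johnson")
    user_b = unsalted_hash("Thomas Johnson")
    print("unsalted hashes equal:", user_a == user_b)
    print("found in lookup table:", table.get(user_a))

    # With a per-user salt the stored values differ, and the precomputed
    # list no longer matches either of them.
    rec_a = hash_password("Thomas Johnson")
    rec_b = hash_password("Thomas Johnson")
    print("salted digests equal:", rec_a["digest"] == rec_b["digest"])
    print("found in lookup table:", table.get(rec_a["digest"].hex()))
    print("login still works:", verify_password("Thomas Johnson", rec_a))
```

The salt is stored next to the digest; it does not need to be secret, because its job is to make each stored value unique rather than to act as a key.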

Despite the fact that DoorDash took these extra precautions to encrypt their users’ passwords, experts suggest that any user affected by the breach should change their passwords to something as complex and secure as possible.

It’s Common

Unfortunately, data breaches like the one at DoorDash occur fairly often. The more sensitive the information, the more lucrative the hack will seem to a cybercriminal. That’s why the healthcare, accounting and financial services industries are often targets of cyber-attacks. 71 percent of breaches in 2019 were financially motivated, meaning hackers are looking to get information they can use to enrich themselves. A company that regularly deals with clients’ financial information would therefore be a prime target. DoorDash has credit card information to facilitate purchases, but accountants and financial advisers have much more specific information.

That’s why managed IT for finance and accounting is so important. Companies often take their IT infrastructure for granted because they see it as an extra expense, not a necessity. However, security is an expectation, not a luxury. Providing managed IT for accounting and finance is mostly about planning with compliance and security in mind.

That’s why agencies regulate these types of companies. Many compliance laws force industries like finance and accounting to maintain high levels of security. That way, financial information isn’t compromised. Yes, a thief is blamed for a robbery, but if the bank has poor security and didn’t install security cameras to cut costs, the bank is just as much to blame. This metaphor might simplify things a bit too much, but sadly that is the case for many industries. They don’t invest in newer cyber security because they think they’re too small to get attacked. Other times companies will think the security measures they take are good enough.

Small Sized Businesses are More at Risk

If a business owner reads this article and thinks to themselves, “I’m not DoorDash, I run a small accounting firm,” they’re sadly mistaken. As a matter of fact, 43 percent of data breaches in 2019 targeted small businesses. People only take notice of the breaches occurring in large companies like DoorDash and Capital One because those make interesting news articles and blogs. More often, it’s the smaller companies that suffer the greatest losses. 60 percent of small companies go out of business within six months to a year of a cyberattack. This is a number taken from the U.S. National Cyber Security Alliance.

Most of these breaches occur because a low level employee does something wrong. They open an email that contains malware, they don’t secure their passwords, they expose valuable information on social media, they are victims of an elaborate phishing scam. Nerds Support works as a financial cloud provider giving extensive training, security protocols, policies and procedures within the company.

Now, notice how they published a blog regarding the incident. They didn’t have to do this. DoorDash could’ve gone to the press but they knew it was important to retain a sense of confidence in the company. The company needed to tell as many people as possible that everything was taken care of. That’s obviously because perception builds trust and trust is the currency that builds companies.

A Data-Breach in Trust

If a breach occurs, it’s highly likely that confidence in the company’s ability to secure sensitive data will decrease. Restaurants have gone out of business because a customer found insects or filth in their food. Companies fail more often from a decline in trust than anything else.

Nerds Support provides FINRA approved cloud storage to financial firms because keeping with industry compliance creates a safer digital environment for both the company and its clients. If someone is looking for a firm and sees it’s following all regulatory and security standards, then it’s a subconscious relief that builds confidence in the firm.
That being said, IT solutions for finance differ from the solutions other companies need, but all industries are regulated to some degree.

What can you do to Avoid a Breach?

Create a business continuity plan. This will mitigate the impact of a breach and ensure your business survives and recovers. DoorDash has one, which is why it immediately took steps to bounce back from the attack. The company added new security measures to their systems, hired outside consultants, and took to social media to update everyone on the status of the company. There is no doubt the company discussed all of this at some point in its history.

This was a swift and comprehensive move on DoorDash’s part because they knew the longer it takes to act after a disaster the bigger the losses.

Delete all emails, links and online posts that you suspect might lead to a virus or data breach. These are how many cybercriminals steal information.

Update and secure all software. This is often overlooked but it can be one of the best defenses against malware and viruses.

Encrypt sensitive data. As DoorDash did, encrypting sensitive data will make access to it difficult at worst and nearly impossible at best. Encrypting data is just converting data into another form, like hashing a password by turning it into a series of numbers and letters. Nerds Support encrypts its partner’s data and stores it in a highly secure data center. We focus more on software encryption but you can also encrypt hardware.

DoorDash is just an example of what can befall any company in today’s world. Companies experience hacks and data leaks, and personal data is constantly stolen. The threat is more visible to the public now as larger companies fall victim to attacks. Cyber-crime is the world’s highest paying business, estimated in the trillions of dollars.

Business owners need to take action. If they don’t do anything, they’re just waiting to be next.

Social Engineering Serious Threat

What Is Social Engineering?

Social Engineering

Social engineering comes in many forms. The most commonly spoken about is phishing but it gets much more intricate than that. We know about the hackers that use their technical skills to access and infiltrate a hapless victim’s computer and steal sensitive data.

There are other types of cybercriminals, however, who use techniques to undermine their victim’s cyber defenses. They’re called social engineers and they exploit the greatest liability in any and every industry: human beings. They use social media, phone calls and emails to trick people into willingly giving them valuable or desired information.

You may have heard stories of people getting calls offering credit card deals or one-time promotions. They try to take their target’s information by claiming to be a representative of this or that company and requiring the target to give them credit card information. This is social engineering.

In this article, we’ll focus on the most common types of social engineering attacks used to target victims into divulging information.

Scareware

Scareware involves victims being flooded with false emails and threatening notifications. Users are made to believe their computers are infected with malware or viruses, which encourages them to download software that infects the user’s computer with malware and viruses. Other names for scareware include deception software and fraudware.

Some of you could have encountered scareware at some point. It comes in the form of banner ads or pop-ups that warn you about having an infected computer. It offers to install the software for you and directs you to a malware-infected site where your computer becomes vulnerable.

It can even spread through spam email, so be wary of the messages you open.

Worm Attacks

In the past, worm attacks have exploited the philosophy behind scareware, aiming to attract user attention to a malicious link or file. Worms were used most in the late 1990s and early 2000s, but it’s still important to be aware of how they were so successful.

In 2000, the “Iloveyou” worm was spread in email attachments and managed to infect tens of millions of Windows computers throughout the US. It started in the Philippines and spread to the west via corporate email systems, causing an estimated 5.5-8.7 billion in damages.

Victims received an email inviting them to open a love letter. When they opened the file, the worm copied itself to all the contacts in the victim’s address book. Notice that social engineering is about manipulating human emotion to gain advantage over someone and their information.

Malware links, as mentioned above, contain provocative words or graphics that compel you to open them, bypassing any anti-virus filters your mail could have.

Baiting

Baiting is what it sounds like, baiting the victim by appealing to greed or personal interests. This is particularly insidious because it often discourages the victim from reporting an attack. An unsuspecting user will read an email offering fake deals and shortcuts like free internet or other illegal benefits.

When these emails are opened, the trojan virus attached to the email or file corrupts the computer and encrypts the computer or spreads further through the entire system.

The victim will most likely be too embarrassed to disclose their reasons for opening the email in the first place, so it goes unreported.

A perfect example of this technique was when a trojan virus was sent to the corporate email addresses of employees in the form of a recruitment website. The criminals knew that the employees would be reluctant to tell their employers they were infected with a virus while looking for other jobs.

This type of attack isn’t limited to email, either. Cyber criminals have also used USBs infected with viruses. The USBs are left lying around, and all it takes is one person curious enough to plug one into their machine to ruin everything.

Pretexting

Pretexting is a social engineering technique that uses cleverly developed lies and deceptions to obtain information. In the case of pretexting, it’s usually done through the phone as opposed to online. The attacker will pose as an important figure, perhaps a CEO of an IT company or a vendor, and use that as a pretext to gain desired information from the victim or victims.

This also requires the social engineer to develop a friendship with the victim through this impersonation. The impostor asks the target a series of questions as an authority figure, lulling the victim into a false sense of security.

The key in pretexting is manufacturing a scenario that the social engineer uses to engage their victim. A famous case dates to the 1970s, when Jerry N. Schneider used old invoices and manuals obtained by scavenging trash to start a profitable business. He got the invoices by looking through the Pacific Telephone and Telegraph dumpsters. He then used that information to acquire new telephone equipment, posing as a high-ranking member of the company, and sold it back to PTT through his own company.

Phishing

Phishing is the most common type of social engineering scheme. The attacker creates a fake version of an existing website of a highly regarded or renowned company and sends the link to targets through email or social media. The reason it’s so low on the list is because it’s been discussed at length in other blogs.

Vishing

As we’ve discussed, social engineers don’t always use the internet to gather information. Vishing is the use of Interactive Voice Response (IVR) to trick a target. They attach the IVR to a toll-free number and trick people into calling that number and entering their information.

Tailgating

Tailgating is when a person uses an authorized person to gain access to a restricted area where some form of identification is required to get through.

This doesn’t work with large companies with advanced security features that require bio-metric scanning, for example, to get into the building.

What tends to happen is, the social engineer impersonates a delivery driver and when an employee is entering the building the person passing as a driver will quickly ask the employee to hold the door so that they might make it through. This occurs more often in smaller sized businesses that have comparatively lax security.

Quid Pro Quo

Quid pro quo attacks offer benefits in exchange for information. The most common type of quid pro quo attack involves impostors who pretend to be IT service providers and make direct calls to as many members of a company as possible. These criminals offer their IT expertise to all their targets and ask the victim to disable their antivirus program to fix whatever issue is present at the time.

Social Engineering Statistics

Preventing Social Engineering Attacks

Now that we’ve discussed the types of social engineering techniques, you might be wondering how to defend against these types of attacks. If you’ve made it this far then congratulations, you’ve taken the first step, which is knowing about them.

With the emergence of smartphone technology, which puts powerful computers in the hands of so many people, information is very easy to come by. Unlike the days of Mr. Schneider, you don’t have to peruse through company dumpsters to access valuable data.

You, your company, employers or employees need to be more conscientious about what is posted online, whether it be on a website, a social media page or via email.

To keep your devices and accounts safe, it’s important to implement strong passwords and two-factor authentication. Invest in IT and take the necessary measures to add anti-virus software, firewalls and the like.

This is by no means a comprehensive overview of all types of social engineering, some are more detailed in nature and varied in scope. Tactics are changing with technology and cyber attacks are becoming more and more laser focused on specific targets. Instead of going for a large pool of potential targets, the social engineers and cyber criminals will go for one or two individuals. They gather such specific information that distinguishing a phishing scam from a legitimate email is getting harder and harder.

Getting help from an IT service provider you can trust might mitigate the risks of falling for any one of these tricks.

For more information on phishing and other social engineering tactics, visit our website or call us for more information.