Cybersecurity threat tactics are changing all the time. Protecting your information is the single greatest challenge to information management. It seems every week we hear about another attack on a large company. The hackers are getting smarter. Protection is critical. Everyone and every company is vulnerable.
Cybersecurity Threat Tactics | Our Insights
Tactic Number One: Spear Phishing
Spear phishing is a targeted email attack in which a hacker uses email to masquerade as someone the target knows and trusts. This is often as simple as copying the name of a CEO from a company website and then sending an email using this name to anyone on the company’s corporate domain.
Spear phishing is the single most common (and effective) social engineering tactic. You’ve likely seen subject lines like these before and hopefully hit “delete” right away:
“Notice of pending layoff: Click here to register for severance pay.”
“In an effort to cut costs, we’re sending this year’s W-2s electronically.”
This may seem rudimentary, but hackers are getting more convincing and creative with an email that, when opened, infects your machine. Here are a few tactics to watch for:
- Using the news against you – Whatever’s getting attention in the news can be used as social engineering lures. For example, 2016 has seen a rise in the number of spam messages related to the presidential campaign.
- Abusing faith in social networking sites – Millions of people use social networking sites like Facebook and LinkedIn daily, so they develop a certain trust in them. Then, when an email says, “Your Facebook account is undergoing routine maintenance, please click to update your information,” you don’t think twice before you click.
Cybersecurity Threat Tactics | Number Two: Dumpster Diving
Dumpster diving is exactly what it sounds like: A hacker digs through the trash that unsuspecting employees have thrown away. Valuable finds might include:
- Junk mail (especially credit card offers), which can contain personal identification info that’s just the ticket to identity theft.
- Company phone lists and org charts that offer numbers and locations that make it easier to impersonate management-level team members.
- Corporate letterhead that can be used to fake official-looking correspondence.
- Hackers will also buy refurbished computers and will pull confidential information from hard drives, even after users think they have deleted it.
Cybersecurity Threat Tactics | Number Three: 10 Degrees of Separation
Social engineers are clever, methodical, and patient. They often start by building a rapport with more accessible people in an organization — like an administrative assistant or a guard at the gate—to get information about their ultimate target, who may be as many as ten steps higher up on the corporate food chain.
The criminal may begin by gathering personal nuggets about team members, as well as other “social cues” to build trust or even successfully masquerade as an employee. Some of their strategies are incredibly simple and insidious:
- They learn your industry shorthand – A hacker will study the acronyms and jargon of your industry so she can build trust by speaking the language you recognize.
- They borrow your 'hold music' – In this deceptively simple scheme, the criminal calls, gets put on hold, and records the music. Then, when he calls his victims and puts them on hold, the familiar music serves as a psychological cue that the caller is trustworthy and on the inside.
- They spoof your number – Criminals make an inside number show up on the victim’s caller ID, which makes the victim more willing to offer confidential information like passwords over the phone.
Cybersecurity Threat Tactics | Conclusion
The rise of mobile and IoT devices will increase exposure of a cyber security hack. Learn more about how to protect your organization by reaching out to Oakwood for a free consultation.
Review our case studies and engagements where we helped companies just like yours solve a variety of business needs.
Since 1981, Oakwood has been helping companies of all sizes, across all industries, solve their business problems. We bring world-class consultants to architect, design and deploy technology solutions to move your company forward. Our proven approach guarantees better business outcomes. With flexible engagement options, your project is delivered on-time and on budget. 11,000 satisfied clients can’t be wrong.