Social Engineering: Attacks Without The Malware.

Social engineering is the family of cyber attacks that target people rather than software. Instead of finding holes in the security of your network, the attacker exploits the weakest point of any system, the user, and often needs no malicious software at all. It can take several forms, from emails and text messages to phone calls from the hacker themselves.

The best-known form of social engineering is phishing, which is just as it sounds: someone with malicious intent sends a message, using a medium of their choosing, to unsuspecting individuals whose contact details are in the public domain. Spear phishing is the targeted variant, aimed at a specific person or organisation. It is usually done via email, but text messages (smishing) and phone calls (vishing) are also quite common. Websites are often hacked and the login details of their users exposed, and those lists give attackers both addresses to target and passwords to try. Could you be on one of those lists? To check, there is a website called https://haveibeenpwned.com/. Enter your email address and, if it appears in a known breach, the site will show you where and when this happened.

The phishing message could say that you have a virus which they can remove for you if you install a remote control program. That gives them the opportunity to install malicious software and compromise your data. The other common type of message relies on emotional manipulation, such as the romance scam, where the sender poses as someone seeking a relationship and later asks for money. One thing these messages tend to have in common is a web link somewhere in the message which allows the hacker to work their "dark magic": the link leads to a download, a fake login page or a site that asks for payment details.

How do you spot a phishing email? Once you know how, you can see them a mile off.

The first step is always to verify who the email has come from. Do not trust the display name on its own; check the actual address behind it. If it is an address you recognise, does the message read normally for that sender? Everyone writes emails slightly differently and a change of tone is easy to spot, especially if you know the sender well. Phishing emails often contain obvious spelling and grammar mistakes; if there are some, the email may not be genuine. Good spelling is no proof that an email is genuine, though, so do not rely on this alone.

If there is a link, do not follow it until you can verify where it goes. Hover over the link with your mouse and the real destination is shown in the status bar at the bottom of the window (bottom left in most browsers and mail clients). If this does not match the text of the link in the message, the link is highly likely to be fraudulent and could be a download link for malicious software. Is the destination address written out in plain text in the email? If it is, the message may still be a scam, but it is less likely. If the destination contains a domain name you do not recognise, such as http://ngiauoesg.tk, this is a scam; do not follow the link. A hacker can make the visible text of a link look genuine while pointing it somewhere else entirely, which is why hovering to compare the two matters.

Domains ending .co.uk, .com, .net, .gov and .ac.uk are the ones most UK organisations use, so they are less likely to surprise you, but the ending alone proves nothing: phishing sites are registered under .com every day, and a genuine-looking domain can still be a lookalike (an extra word, a hyphen or a swapped letter). Endings such as .tk, .cn and .al are more often seen in scams than others. The .tk domain is especially popular with scammers because these domains are very cheap, historically free, to register.
When you verify who sent you the email, do not simply reply to it, because the hacker can reply while posing as the legitimate sender. Always use a different channel, such as a phone call to a number you already have (not one taken from the email) or talking to them in person. This way you can verify their identity far more reliably.
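Here are the sender and link checks above written as a short script, as an added example and not code from the original article or from Magikos. It parses a constructed sample message, compares the From: domain with the bounce (Return-Path) address and with the SPF/DKIM results recorded by the receiving mail server, then extracts every link and compares the domain shown in the link text with the domain it really points to. The list of risky endings is the article's own (.tk, .cn, .al); the small table of UK suffixes is an assumption standing in for a full public-suffix list.

```python
"""Flag the phishing indicators described above in a raw e-mail message.

Added example, not code from the original article. SAMPLE_EMAIL is constructed;
RISKY_TLDS is the article's own list; TWO_LABEL_SUFFIXES is a small stand-in for a
full public-suffix list.
"""
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the display name and From: address look like a colleague, but the
# bounce address, the SPF result and the first link's real destination tell another story.
SAMPLE_EMAIL = """\
From: "Jane Smith (Accounts)" <jane.smith@example.co.uk>
Return-Path: <bounce-8831@mailer.ngiauoesg.tk>
To: you@example.co.uk
Subject: Invoice attached - please review
Authentication-Results: mx.example.co.uk; spf=fail smtp.mailfrom=mailer.ngiauoesg.tk; dkim=none
Content-Type: text/html; charset=utf-8

<p>Hi, please see the invoice here:
<a href="http://ngiauoesg.tk/login">https://example.co.uk/invoices/4412</a></p>
<p>Regards, <a href="https://example.co.uk/team">Jane</a></p>
"""

RISKY_TLDS = {"tk", "cn", "al"}  # the article's list; illustrative, not exhaustive
TWO_LABEL_SUFFIXES = {"co.uk", "ac.uk", "gov.uk", "org.uk"}  # assumption: partial suffix list


def registered_domain(host: str) -> str:
    """Reduce a host name to its registrable domain (mail.example.co.uk -> example.co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw: str) -> list[tuple[str, str]]:
    """Return (indicator, detail) pairs for the checks the article describes."""
    msg = email.message_from_string(raw)
    findings = []

    # 1. Who really sent it? Compare the From: domain with the bounce (Return-Path) domain.
    _, from_addr = parseaddr(msg.get("From", ""))
    _, bounce_addr = parseaddr(msg.get("Return-Path", ""))
    from_dom = registered_domain(from_addr.partition("@")[2])
    bounce_dom = registered_domain(bounce_addr.partition("@")[2])
    if bounce_addr and from_dom != bounce_dom:
        findings.append(("SENDER_MISMATCH", f"From {from_dom} but bounces go to {bounce_dom}"))

    # 2. Did the receiving mail server's SPF and DKIM checks pass?
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append((f"{mech.upper()}_{m.group(1).upper()}", auth))

    # 3. Does each link go where its text says, and is the real destination on a risky TLD?
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        real_host = urlparse(href).hostname or ""
        if real_host.rsplit(".", 1)[-1] in RISKY_TLDS:
            findings.append(("RISKY_TLD", href))
        shown_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if "." in shown_host and registered_domain(shown_host) != registered_domain(real_host):
            findings.append(("LINK_TEXT_MISMATCH", f"shows {shown_host} but goes to {real_host}"))
    return findings


if __name__ == "__main__":
    for indicator, detail in analyse(SAMPLE_EMAIL):
        print(f"{indicator:20} {detail}")
```

Run against the sample, the script reports the sender mismatch, the failed SPF check, the missing DKIM signature, the .tk destination and the link whose text says example.co.uk but which really goes to ngiauoesg.tk; the second link, whose text is just "Jane", produces no finding because plain words are not compared as domains.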

A link can take you anywhere on the internet, including to a download of whatever malicious software the hackers have chosen. A notable example of malicious software is ransomware. In 2017 the WannaCry ransomware hit the NHS, among many other organisations. WannaCry actually spread as a worm through an unpatched Windows file-sharing vulnerability rather than through phishing links, which is why patching matters as much as user awareness, but its effect is typical of ransomware delivered by any route. It encrypted a huge amount of data, including data on patients, and demanded a ransom of US$300 per infected computer (rising to $600 if not paid within 3 days) in Bitcoin for the decryption of the data. This resulted in cancelled appointments and could have stopped patients being treated. Paying the ransom rarely if ever gets your data back; in WannaCry's case the payment mechanism had no reliable way of matching a payment to a particular victim, so even those who paid were unlikely to receive a key. The criminals' entire goal in using ransomware is to make money, not to restore your files.
Once a single user is compromised in any network, but especially in an organisation, that can be enough for the hackers to move on to other machines, gain control of the network and do what they like with the data. In most cases you recover from ransomware by wiping the affected systems and restoring them from a previous backup. This loses whatever changed since that backup if backups are not taken regularly enough, and it only works if the backups themselves survive: keep at least one copy offline or otherwise out of reach of the infected network, because ransomware will encrypt any backup it can reach, and test that a restore actually works before you need it.

The other goal of a phishing attack is collecting the login credentials of as many users as possible. This is done by copying a familiar login page such as Office 365 or Google. Using an already compromised email account, the hacker sends a link to what looks like a shared document but is in reality a link to the fraudulent login page. Cruder fake pages simply show an error after you click login; more convincing ones forward you to the real site so everything appears to work, and the most capable relay the whole login to the real site in real time, including any one-time code you type in. Either way, once you click login on a fraudulent page your details are in the hackers' hands and the account should be treated as compromised: change the password and report it.

The other commonly used medium for social engineering is the phone call. Here the hacker pretends to be from a large company such as Microsoft or Apple and tells you they can see an error on your computer that needs fixing. This sends most people into a so-called "panic mode" in which they hand over control to the caller. Asking a few questions often ends the call: ask what the error is, or how they know it is your machine, and the caller is usually not equipped to answer and hangs up. Remember that Microsoft and Apple do not ring customers unprompted about errors on their computers. The key to not being vulnerable is either to have the technical knowledge or to refuse to allow them any access until you have spoken to your IT department.

One method to further secure your account is two-factor authentication (2FA). After you enter your password you also have to enter a unique code that is only valid for a short time. These codes are generated by an authenticator app such as Microsoft Authenticator, Google Authenticator or Authy, from a secret shared with the service when you enrol. This extra step means that a stolen username and password alone are not enough to get into your account. It is not a complete cure for phishing, though: a fake login page that relays your details in real time can pass the code on too while it is still valid, and codes sent by text message can be intercepted, so a hardware security key or passkey, which only works on the genuine site, is the stronger choice where the service offers one. Even so, any second factor is a large improvement over a password on its own.

What do we recommend?

  • Regular backups, with at least one copy kept offline
  • Check who each incoming email really came from, and where its links really go, before you act on it
  • Take advantage of 2 factor authentication
  • Never click a link that you do not completely trust

If there is an email you think is not genuine, give us a call at our office on 01344 204019 or send us an email to helpdesk@magikos.co.uk.