Last week I made a blog post regarding cyber threats and how they are a bigger problem than most people realize. Well ironically, only a few days after I made that post we were the target of a social engineering attack. Social engineering attacks can vary in strategy and target, so having your staff trained on them is very important.
To give you an example I will tell you what happened to us. I noticed the other day when I was reviewing our website analytics, that someone from Nigeria had spent roughly 20 minutes on our about us page. This page contains information about our company structure and staff contacts. Shortly after, someone sent an email to our accounting department asking for a wire transfer claiming to be the owner of our company from a slightly different email address. At a quick glance someone could have made a mistake and actually sent it. Luckily for us we are well trained for situations like this.
That is an example of a pretty basic attack, but others are far more sophisticated and may be targeting your business in a different way. Sometimes the goal is a quick dollar, like the one attempted on us. Others may be to trick employees into downloading malware, sending important password information, etc, thus giving themselves opportunities for greater rewards.
There is so much information on this topic so I will not be able to cover it all in one blog post, but if you run a business I recommend doing some research on your own. Alternatively, we will be offering training and material on social engineering in the future. If you are interested in learning more please subscribe to our blog on the right hand side of the screen.
I will end this post with a quote from a famous hacker and social engineering expert, turned cyber security consultant:
"Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems" - Kevin Mitnick