Tag: social engineering

  • In 2023 some of the biggest cyber-attacks were orchestrated with “low tech” methods

    In 2023 some of the biggest cyber-attacks were orchestrated with “low tech” methods

    Whether you’re “tech aware” or not, most of us know that the human element is one of the riskiest elements of our business when it comes to our data being compromised.

    2023 proved that in spades with many of the largest attacks of the year being orchestrated with “low tech” methods – whether that be social engineering as we saw with MGM or literally low tech as with the attack on Rockstar that was conducted with a cellphone, TV and an Amazon Firestick.

    Attacks such as the one on MGM are conducted with social engineering and the attacker doesn’t need to possess any particularly strong tech skills to pull an attack of that nature off. These attacks are usually accomplished through persistence – the attacker sometimes researches their target and reaches out to decision makers or those close to decision makers to try and gain access through Vishing, Phishing, and other methods (see our chart below for examples).

    They may also “bruteforce” their way in though not in the typical way you might think, compromised credentials are often found very cheaply on the web and many people use the same password for everything. The bad actor will again look for specific targets and then try to purchase credentials that will match their target.

    A common social engineering attack is orchestrated as follows:

    1. The attacker will research their target. This includes trying to figure out who is a decision maker or close to a decision maker. They may also look for details about you found on social media (such as family and friends names they can use to make their attack appear more legitimate).
    2. The attacker will reach out to the victim using what they have learned or try any credentials they’ve managed to find. They may pose as someone you trust and can even spoof that person’s email.
    3. They will use their access to infiltrate your systems or use your account to continue pursuing their target. They may not immediately make themselves known – many attacks are orchestrated over months or years to produce a bigger payout.
    4. Once they have successfully infiltrated your systems the attack may proceed in a variety of ways, whether that be trying to ransom back your compromised data or systems, threatening to release stolen data online if they don’t receive a payout, posing as you to your clients to expand their reach and more.
    5. The attack only ends when you can successfully remediate/remove their access.

    This attack is the end game for many attackers but not all attacks have this level of energy put towards them, phone scams and simple email phishing scams can look to steal your credit card or banking info for a quick payout and these sorts of attacks are conducted en masse often by attackers located overseas. Scams like these are still a variety of social engineering and quite effective – and again any data they manage to get in the process can also be sold on the dark web allowing these attackers to “double dip” on the profits they receive from their nefarious efforts.

    As we mentioned above many attackers are not conducted on a quick timeline, attackers know they can receive a bigger payout the more enmeshed they are in with the victim’s systems and data. Your system could be compromised right now, and you may not even know it.

    Data loss remediation and protection is just two of the cyber security offerings Valley Techlogic provides to help us protect our clients from social engineering and other cyber based attacks. Reach out today to learn more.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Unsure if the person you’re interacting with may be a fake? This Chrome extension can detect fake profile pictures with 99.29% accuracy

    Unsure if the person you’re interacting with may be a fake? This Chrome extension can detect fake profile pictures with 99.29% accuracy

    As we discussed last week, financial scams may be on the rise in 2022. Social engineering is a pretty common tactic utilized by scammers when it comes to siphoning funds from unwitting victims, but there are some tools you can use to combat it.

    Recently a company called V7 Labs has released an extension for Chrome that’s able to detect artificially generated profile pictures, such as those created by Thispersondoesnotexist.com (see below for an example).Examples of "ThisPersonDoesNotExist"

    The Fake Profile Detector extension can help you detect if a social media profile picture is a fake just by right clicking on it, it’s able to zero in on things you may miss at first glance – such as a pupil that’s not in the right place or clothing that appears to be bleeding into the skin. The extension does not work with video (yet). Also, just to note you should always verify an extension is from a trusted source before downloading it to your browser.

    Social engineering scams aren’t limited to just financial scams, they’re also utilized to gain information or to spread misinformation. As AI tools have grown more sophisticated it’s not easy to rely on someone’s profile picture to give you a good indication of who you’re talking to online.

    It’s also very easy to create fake profiles using real pictures, even pictures of people you may actually know. It’s typical for the scammer to start the conversation off with they got “locked out” of their main account and would like you to add their new one. You should also confirm with your friends and family before accepting a request from a new account.

    Or maybe it was their actual social media account, but a scammer was able to gain access. Sometimes scammers may even leave the password alone. The victim then may not know they have an intrusion, and the scammer just monitors and deletes messages of the conversations they’re having without the victim’s knowledge.

    We have created this chart of the top five things you should watch out for when it comes to social engineering scams.

    Click to download the full size version.

    Social engineering is not limited to just social media sites such as Facebook and Twitter. The most common type of social engineering are phishing attacks, and scammers setting their sites on businesses to take advantage of may have an easier time of convincing a user they are who they say they are when it comes to the more casual relationships we tend to have with colleagues.

    We wrote a blog explaining what to look out for when it comes to phishing emails, but at Valley Techlogic we also think this issue can be tackled from a software and training perspective.

    The tools we utilized will make sure that much of that suspicious spam never makes it to your end user, and the training we offer to our clients can help them make sure that if an employee does get a spoofed phishing email – they know exactly what to do about it.

    To learn more, schedule a free consultation with our sales team today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.