Hackers come in peace, and they care, a lot!
While this may be surprising, it is true. Hackers do care about their targets routines, work schedules, personal programs and social life. And while they don’t care so much to the extent of helping you out with each and every one of them, at least they will let you know, to your benefit or to your ruin.
Consider this: research has proven that the most appropriate time to send out a Phishing email is somewhere between Thursday afternoon and Friday afternoon. This is because most employees in an organisation have probably switched to the ‘Weekend mode’ and sending out an enticing email that will tickle their fancy might just give hackers their passwords or other valuables. Things like online shopping, holiday offers/invites are often times too attractive even to the most diligent and security-conscious staff. So rather than flood your inbox from Monday to Friday with phishing e-mails, a good hacker will probably do their homework and send you an email that you/your employees will most certainly open and do as instructed, helping you avoid many distractions and false alarms. You now see how they care, even if not so much.
Scenario 2, live from Wakanda:
It’s a Monday morning and a long way to the weekend when anyone will ever get time to hit the cinema and watch Black Panther. The movie is the talk of the town, and it gets tiresome just listening to people’s story and feeling left out. But fret not,you just might get sorted.
Not so many minutes after entering the office, you spot USB stick with the Black Panther sticker. A few things cross your mind:
1. You don’t own a flash disk and this might just be the right one for you.
2. You haven’t watched the movie, and from all indication on the USB drive, no one could be ‘more lucky.’
So you pick it up, thank whoever the loser is and move on. Of course it’s the first thing you insert to your computer and BAM! You’re done! No movie, no nothing!! You get upset, but at least you still have the flash disk so you smile to yourself and life moves on. Unbeknownst to you, your system (and potentially you entire organization’s) has already been compromised. Hackers care. You didn’t get the movie, but you have a free USB drive. You can keep it.
As said in a previous article, there is no better way to guard against social engineering attacks compared to education. Humans are the weakest link in the security chain and as they say, there is no patch to human stupidity. So learn, inform your staff of potential Social Engineering attack vectors, perform mock SE attacks to test how secure you are and much more.
At Extant, we provide you with a comprehensive plan and toolkit to guard against Social Engineering attacks. Through our partnership with Wombat, we strive to ensure that your employees are well educated/trained to prepare them face these challenges. There is no silver bullet, but some come close. The right amount of technology provides a level of security, but an informed work force can make all the difference.
With our short 5 – 15 minutes awareness campaign programs, mock SE attacks and various other techniques, you can be guaranteed of a safe online environment and that’s because of a more informed and woke staff!
Be in the know! Be safe! Stay woke!