How Hackers ‘Catfish’ Your Company’s Employees
Here’s a dirty little secret about cyber security that hackers don’t want you to know: they target your people just as often as they target your technology.
As a leader in network security in the Nashville area for over 15 years, we’ve seen network attack methodology spread like wildfire, along with the real-world effects it has on small and large businesses. Today’s cyber attackers are relying less on massive phishing email campaigns with obvious signs of malware, and more on identifying the employees within your organization who are most likely to open the door to ransomware, advanced persistent threats, data theft and other lines of attack.
How it Works
Once a potential network attacker has identified your organization as a target, they’ll scour professional social media sites like LinkedIn and Facebook to gather valuable bits of information. While some of the data may seem innocuous (e.g. job title, age, pet names, list of friends), a diligent attacker will piece this data together to develop a plan of attack. They’re looking for employees who may be disgruntled, appear prone to technological mistakes, or are new to an especially valuable department.
Once they’ve reached out to your employee and gotten them to accept a social media connection, they’ll use just about any method of deception they can to gain access to your critical networks and data.
Identify and Block
The methods of manipulation used by these criminal ‘Catfish’ vary, and are as sophisticated as the attacker’s imagination. However, we’ve identified some things you can look for to avoid becoming a victim:
- Typos and Syntax Errors: Just like we find in email phishing campaigns, the easiest warning signs to spot on a malicious social media page are poor grammar and spelling.
- Lone Wolves: Be wary of accepting connections from people who only have one or two friends or colleagues connected to their account.
- Inconsistencies: Beware of strangers who want to connect with you if they have a mish-mash of industries and unrelated positions in their work history. It’s often a sign of someone trying to cast a wider net.
As far as technology has come in helping to protect your network, it’s the people who use it on a daily basis who can be the blind spot in your plan. Ensuring that your users know how to protect themselves and their sensitive data could make all the difference when criminals target your company.
NSG has nearly two decades of experience protecting networks of all sizes and training employees on best practices. We offer multi-layered network protection solutions that safeguard your data and surpass any regulatory standards required for your business.
Contact NSG today at (615) 577-4390 or [email protected] to learn how we’re changing the way businesses protect their networks!