Today’s criminals use very sophisticated approaches to deceive people out of their money. We’ve all received suspicious emails that appear to come from a loved one traveling abroad asking us to wire money because of lost wallets and credit cards. Or the email telling us our friend is hospitalized overseas following a major accident and needs money for care. These are just two scenarios used by thieves practicing social engineering – the art of manipulating people into providing money and/or confidential information ultimately allowing the thief to steal from them.
Social engineering poses a tremendous threat to businesses as criminals devise new schemes to take advantage of our natural inclination to trust. Your company may have the best IT team in the world with the latest virus protection and firewalls, but when an employee fails to adhere to the implemented best practices and accidentally clicks on the wrong link, all of your safeguards become meaningless. Similarly, imagine a physical building with secure passcode access for employees. What happens when an employee, intending to be considerate, simply holds the door open for the criminal posing as an employee?
Too often, the criminal hacks into your computer and learns all about you before attempting a scam. For example, suppose the thief knows you, the business owner, are on vacation after hacking into your calendar. The thief writes a convincing email asking your controller to wire, let’s say, $10,000 to a vendor. Or, in another scenario, the thief knows the targeted victim uses a particular banking institution or supports a local charity. This knowledge makes it far more likely that the victim will respond to a phishing email indicating the banking password has been compromised; or the victim will follow a link to make a charitable donation.
The good news is, you can protect yourself. Good rules of thumb:
• Delete any request for financial information or passwords. If you didn’t solicit an action (e.g. request an email to reset a password), there’s a strong chance the email is from an untrustworthy source.
• Conduct a Google search or follow a bookmarked site to reach the intended website destination. If a vendor emails to notify you of a change about how to make a payment, it is in your best interest to call and confirm that change with a trusted contact.
• Hover over a website domain links. Hovering just might reveal that the website domain is not a trusted source.
• Double check that your business insurance includes coverage for these types of risks.
It’s critical that we learn to slow down when receiving these sorts of emails. The thief is hoping to catch us acting without thinking.
Aaron Shankman is an agent with Althans Insurance in South Russell.
Content provided by advertising partner