Social engineering is one of the oldest tricks in the hacker book, used to target companies large and small. Psychological trickery to get employees to click on links, download infected documents or give away personal information via email is one of the top techniques still practiced by cybercriminals for fraud.
Phishing schemes are common; they’ve been used to impersonate emails from the IRS, Amazon and Netflix to convince users to make fake payments, reveal their Social Security Numbers, credit card data or passwords. The number of attacks on small business has increased compared to previous years.
Just last Wednesday, the owners of Griffin Funeral Home in West Monroe, Louisiana, were informed that a number of suspicious emails had been sent out of their Yahoo account to customers asking for financial help. The fake emails appeared as if sent by Glenda Griffin saying she was in Ukraine caring for her cousin and was in urgent need of $2,450 to pay for surgery. Customers immediately replied, but were also suspicious because the emails lacked the company’s disclaimer about confidentiality.
The owners of the funeral home contacted the Ouachita Parish Sheriff’s Office to investigate. Although the changed the account passwords four times, the hackers still regained access and locked them out. Yahoo was contacted for assistance.
Breaches are mainly inevitable when careless company employees don’t recognize social engineering scams. If you receive suspicious emails, do not reply, do not make any payments and do not reveal personal information. No company would ask for such data in an email, so users are advised to check the authenticity of the sender.