Business owners have learned to delete suspicious attachments that might contain viruses or malware. We’ve learned about phishing and other email-generated scams. With our focus on the technology involved in these attempts to defraud or steal from us, we might not recognize other confidence tricks that could jeopardize our computer networks – scams that use a seemingly personable sales rep to break into our business data.
It is alarmingly easy to provide strangers with key information about our business operations – information that seems safe to disclose. Here’s how crooks use naivety to breach our computer security.
The Mock Sales Call
The charming salesperson, who cold calls to make an appointment to discuss a great deal that’s perfect for you might not be who they seem to be. This con artist often starts by asking an employee, a receptionist or even a senior manager a few simple questions – what hardware/software do you use most often, or who is your Internet provider? Before long the questions become more probing – what programs do you use to protect your network, or who handles your offsite data storage? If we take the salesperson at face value, we’ll probably assume their questions are harmless and give them the answers.
This could be a costly error. We’ve given a stranger some very helpful information they could use to determine the weak points in your computer systems. If you have provided them with your email address, you’ve given them an easy point of entry into your systems. An email enclosure from one of these sales reps, whose name you will recognize, can release malware giving crooks entry to your data systems. Alternatively, these scam artists send emails purporting to be from one of the vendors/suppliers you mentioned earlier. The phony email comes laced with an intriguing attachment that once opened, will give these crooks access to your systems.
The Social Network Trap
None of us would post a sign on our office door telling everyone where we’re going and when our homes and offices will be unoccupied, yet many of us do the equivalent on social network sites and blogs. It is easy to fall into the habit of posting our whereabouts and sharing photos by checking in on social networks like Facebook or Twitter. This may have pitfalls. Anything that allows a crooked social engineer to monitor someone’s whereabouts and determine any patterns might be a bad idea.
Again in this era of Groupons and emailed special offers and tweets, anyone who discovers that you go out for steak dinners every week or like to attend concerts knows how to tempt you with a phony invitation/coupon enclosure that must be printed out. And, bingo! You are the victim of a social engineering scam, and falling for it may have costly or even disastrous consequences. Check the security options on all the social networking sites you use – and think long and hard about allowing your location data to be posted.
Avoiding scams like this requires us to educate all our employees about the dangers of these types of seemingly innocent exchanges with strangers. Remind them not to respond to visitors or callers who ask questions about business operations. Advise them to be cautious about giving an email address to a stranger – someone who claims to want to send a special offer or a business proposal. Social networking can be a real boon in our personal and professional lives, but it can play havoc with our privacy and give thieves an entry into confidential personal or company data. Like other powerful social tools, it should be used with caution.