Even if you don’t work in the IT industry, you have heard about different types of scams that use social engineering. There is the classic Australian Lottery scam, where you get an email saying that you have won the lottery but have to pay a sum of money to collect it, or the “Grandparent Scam,” where a distant grandchild calls to say they are in trouble and need money.
For those of us that work in the industry, we hear of more sophisticated scams, like where someone in accounting gets an email that appears to be from the CEO requesting that money be wired to an account for a deal they are working on. If you are like me, you have probably said to yourself, “Who falls for that?” or “That would never happen in my family, we are too close-knit.” Well, recently it did happen in my family. We had an incident of the Grandparent scam, and it worked.
Some of the people that “engineer” these scams are really good. They do their homework and they know every angle. They pull the right strings to get you to do things you wouldn’t normally do, either out of emotion or fear. Wikipedia actually gives a good explanation of some social engineering techniques and how they work. As I found out the hard way, it can happen to you, someone in your family, or someone within your company.
So what do you do?
How do you protect yourself, your family, and your company? Unfortunately, there is no foolproof answer. It is human nature to want to help out a family member, to be curious about the email that promises some big return, or to do something quickly and efficiently that will please the CEO. However, there are some things you can do to minimize risk.
Communication and Education
In your personal life, talk to your family members, especially the elderly. Tell them that if they get a request from a family member that needs money to get out of trouble, verify it. Call another family member that would know if they are really in trouble. Make them tell you something only they would know. Be especially suspicious if they say “you can’t tell anyone”.
Professionally, talk to your co-workers and employees. Tell them to verify any requests for money transfers. Be cautious of emails with links. Seek out security awareness training that can educate employees on the dangers of social engineering and other high-tech scams. Be vigilant and cautious. Make sure your computers and mobile devices are protected with the latest antivirus software and are kept up to date. Protect your passwords by making them complex and using secure password management software to keep track of them. Make sure your company is employing best practices when it comes to security, especially if you are in a regulated industry such as financial or healthcare.
As I talk to more and more people about my experience, most everyone has a story to tell about a scam that has affected them or someone they know. If it hasn’t happened to you or within your company yet, chances are it will sooner or later.
If you have any concerns about security, reach out to us here at ADNET. We are here to help and can provide additional guidance on how you can reduce risk and prevent some of these scams.