Most computer infections, network break-ins and “hack” jobs begin with a technique called social engineering rather than with a technical exploit.
The Collins English Dictionary defines Social Engineering as: the manipulation of the social position and function of individuals in order to manage change in a society.
I define social engineering as: tricking people to get them to do what you want them to do.
If you look back at the 10 biggest system hacks (if anyone is willing to talk about it), what you’ll generally see is that an employee’s account was compromised first, and then the floodgates opened.
Social engineering comes in many forms. One method is for somebody to call you out of the blue pretending to be someone they are not, such as the IT guy, and talk you into giving them access. The more popular method is to send an email with a message crafted to get you to click on a link.
Below is a perfect example of this. It is an email “from” Yahoo! that looks…official. What I’m going to do is show you the email, then show you why this email stands out as suspicious to me.
Hopefully this little exercise will help you pick up on trick emails.
I also hope this further clarifies a few other things:
- Why you shouldn’t allow staff to check personal email from a work computer
- Why you shouldn’t use Yahoo!, AOL, Gmail or any other free email
- Why you need to have a “banned list” on your network to help prevent people from going to malicious websites.
Here is the original email.
Well, sure, this looks innocent enough, right?
Let’s now break it down. Below I’ve drawn arrows to and circled a few things, and I’ll describe them in order below the image.
- No subject – suspicious
- Look at the To: block: there is no name there. Also, if you see a name that is not yours, or multiple names you do not recognize, be suspicious.
- Notice the poor English of the first circled item? Also, this email was received today, January 3, 2014, so the reference to September is a bit off.
- The real way you make space in your email account is by deleting old emails, not by clicking a link in an email
- Notice the lack of consistency in the name used: At the top they refer to themselves as Yahoo Account Services, then in the signature block they refer to themselves as Yahoo! Member Services
Finally, a good thing to know how to do is to see the actual location a link is trying to send you to. You can do this a number of ways. If you “hover” your mouse pointer over the link, you can usually see the actual link target in the status bar. Or you can right-click the link (this won’t take you anywhere); you then generally have a few options to choose from (as you see below), one of which copies the link, and you can paste it into Notepad to see where it is really sending you.
So, I did this with the link in this email and let’s see where it was going to send me:
A quick analysis of this shows the “baseline” website location is hiperdisco.com. That doesn’t seem too Yahoo! official. The rest of that link does look pseudo official, but that doesn’t matter. What matters is that first portion, and there is no way I’d trust this.
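The “copy the link and look at the first portion” step can be done for every link in an email at once. The following Python script is an added example and is not part of the original post: it pulls each anchor out of an email’s HTML, works out the host that will actually serve the link, and flags any host that is not the sender’s domain. The HTML snippet, the link paths and the extra anchors are constructed for illustration; only the host hiperdisco.com comes from the email above. It also goes a little beyond the case in the text by catching two common look-alike tricks, a host such as yahoo.com.hiperdisco.com and a URL of the form https://mail.yahoo.com@hiperdisco.com/, both of which still land on hiperdisco.com.

```python
"""Extract the links behind a suspicious email's anchors and flag those whose
real destination host does not belong to the domain the email claims to be from.
Added example, not code from the original post."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample HTML in the style of the "Yahoo! Account Services" phish.
# The visible text and the path look official; the href host does not.
# The paths and the extra anchors are hypothetical, not from the real email.
SAMPLE_EMAIL_HTML = """
<p>Due to congestion in all Yahoo users, click the link below to keep your
account active:</p>
<a href="http://hiperdisco.com/yahoo/accounts/verify?ref=mail.yahoo.com">
https://mail.yahoo.com/account/verify</a>
<p>Yahoo! Member Services</p>
<a href="https://help.yahoo.com/kb/">Help</a>
<a href="http://yahoo.com.hiperdisco.com/login">Sign in</a>
<a href="https://mail.yahoo.com@hiperdisco.com/">Mail</a>
"""


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def real_host(url):
    """The host that actually serves the URL, lowercased. urlsplit() drops the
    'user@' part and the path, so 'https://mail.yahoo.com@hiperdisco.com/'
    correctly yields 'hiperdisco.com'."""
    return (urlsplit(url.strip()).hostname or "").lower()


def belongs_to(host, domain):
    """True only if host is domain itself or a subdomain of it.
    A substring or plain endswith() check would accept 'yahoo.com.hiperdisco.com'."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def judge_links(html, claimed_domain):
    """For each anchor return (visible text, real host, reasons to distrust it)."""
    results = []
    for text, href in extract_links(html):
        host = real_host(href)
        reasons = []
        if not belongs_to(host, claimed_domain):
            reasons.append(f"real host {host!r} is not under {claimed_domain}")
        if urlsplit(href).username is not None:
            reasons.append("URL has a 'user@' part that imitates a hostname")
        shown = real_host(text)   # empty unless the visible text is itself a URL
        if shown and shown != host:
            reasons.append(f"visible text says {shown!r} but link goes to {host!r}")
        results.append((text, host, reasons))
    return results


if __name__ == "__main__":
    for text, host, reasons in judge_links(SAMPLE_EMAIL_HTML, "yahoo.com"):
        verdict = "OK" if not reasons else "SUSPICIOUS"
        print(f"{verdict:10} {host:28} {text[:40]!r}")
        for reason in reasons:
            print(f"{'':10}   - {reason}")
```

Run against the constructed sample, only the help.yahoo.com link passes; the other three are flagged because the first portion of the link, the host, is hiperdisco.com or a subdomain of it, no matter how official the rest of the link looks.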
So what do you do about this? I suggest the following:
- Make sure anti-virus is on all computers and is current
- Make sure you have a policy in place that prevents staff (this includes you, docs) from going to non-business websites
- Make sure you have a policy in place for what actions to take if someone thinks they have an issue
- Do not use a free email service for your business.