Computerware Blog
78% of Phishing Scams are Hackers Impersonating IT Staff
When it comes to protecting your business from hackers, having a strong firewall is important, but it isn’t enough to fully keep the bad guys out of your network. If they can’t hack their way through a system vulnerability, they will try another, more devious way; namely, by tricking your staff with phishing tactics.
Phishing scams work by hackers communicating directly with the victim, pretending to be someone who can be trusted with sensitive information. For example, one common phishing scam is for a hacker to email their victim by falsely representing their bank. In a phishing scam like this, the hacker is trying to get the victim to reveal their banking credentials via email or phone call.
When a hacker directly reaches out to their target, they might be able to bypass security solutions like a spam filter. Depending on the spam filter, it might recognize the message as coming from a real person and therefore let it through. In instances like this, the only defense your business has against what the hacker has planned is an employee who is knowledgeable enough to recognize the message as a scam.
There are many different phishing tactics used by hackers, along with several different false identities taken on to fool people. One of the most common false identities used by hackers is one that we take personally: IT departments. As reported by ZDNet:
Social engineering, phishing campaigns and the impersonation of legitimate IT personnel are also on the rise. The security firm says that through 2014, FireEye observed hackers impersonating IT staff in 78 percent of phishing schemes directed at companies, in comparison to just 44 percent in the previous year.
As far as we’re concerned, this is a downright dirty tactic. IT professionals work hard to foster trust so that we can access the needed systems to do our job and protect a company’s sensitive data. Hackers are well aware of this trust given to IT and will therefore do everything in their power to exploit it.
This is one reason why it’s important for every worker to have a clear understanding of who is at the helm of their company’s IT support. If they don’t, then an email with a logo and general information pulled from your website might be enough to fool a well-meaning worker. At Computerware, we value having a working relationship with our clients. Our team knowing your team goes a long way in preventing scams like this.
Additionally, it’s important that every one of your employees knows the basics about phishing scams so they know what to look for. For example, one should never send sensitive information over email. Email accounts can be hacked. Even if your email account is secure, it doesn’t necessarily mean that the account of the person to whom you’re sending sensitive information is secure as well. Instead of relaying sensitive information over email, use secure online forms and phone calls. Still, you should be wary with these forms of communication, too. Hackers are everywhere.
All of this isn’t to say that network security solutions are worthless. In fact, good security measures like Computerware’s Unified Threat Management tool, two-factor authentication for all of your accounts, and network monitoring with our managed IT services all go a long way in preventing the vast majority of hack attacks. However, all it takes is one scam successfully breaching your defenses to take down your entire network, which is why vigilance and user education are so important.
Don’t fall for scams perpetrated by fake IT companies. Instead, call the real IT pros at (703) 821-8200 for trustworthy oversight of your organization's technology.