Even as security standards continue to improve, hackers are always coming up with new ways to exploit users. Let’s talk about how to protect yourself from a common scam that uses social hacking to gain access to your technology.
Who are these people? In the same way a computer hacker will try many ways to gain access to a remote computer system, a social hacker gains your trust to access information you willingly provide.
We’ve talked about spear phishing before, which is a perfect example of employing social hacking to infiltrate someone’s email. Another common scam that we have encountered is the fake tech support call.
The attacker will find your business or personal information on the internet and call you claiming to be tech support. The social hacker will then tell you that your computer is infected with a virus or malware and that they need to connect remotely to remove it. They may state they are from the Windows Service Center, Microsoft Research and Development, the Windows Helpdesk, or any number of other official-sounding places. They will attempt to scare you and make you believe that your sensitive data is already exposed and that they must resolve the problem immediately.
Once the attacker has you on the phone, they may direct you to a common site used for remote support such as TeamViewer or LogMeIn, or they may try to send you to another site with a masked address that will install their malicious software. If you follow their instructions, they will likely install a backdoor application on your computer and then connect to your machine. Once this happens, they may immediately demand a credit card payment to remove their software, or they could destroy all your information. Alternatively, they may inform you that the infection has been taken care of and just hang up. Then they can capture banking passwords or other sensitive information while you are unaware.
Rest assured that unsolicited phone calls asking for remote access to your computer are not legitimate. Social hacking with fake tech support employs techniques to scare you into willingly allowing an attacker access to your computer. A few ways to safeguard yourself from these scams are:
- Be vigilant with your computer security systems and software, keeping antivirus and anti-malware definitions up to date to block threats. This allows you to be confident that your computer and information are secure.
- Do not allow remote access to your machine unless you are already a customer of the company and you can verify their identity. Microsoft provides many ways to verify its identity and does not generally call users unless it is in response to an existing case, which has a case number, technician name, and verifiable callback number. Attackers do not have this kind of information.
- Ask for detailed information when receiving a tech support call, and make sure there are multiple ways to contact the support person on the other end of the phone.
- Never give credit card or personal information over the phone during an unsolicited phone call.
This may sound like common sense, but we all have bad days when we are vulnerable to these kinds of attacks, and social hackers target users who are off their guard. Social hacking relies on emotional response, distraction, and our innate desire to protect ourselves. Even with great technology and powerful security, end users still need to be attentive and aware of different kinds of threats. When in doubt, hang up and call your IT provider with any questions or concerns you may have. Be safe out there!