Don't call the number! We'll break down this specific socially engineered threat, and offer 3 things your organization you can do to shore up security.
In your effort to protect computer systems and sensitive data, socially engineered attacks need to be on your entire organization’s radar.
Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. According to KnowBe4, only about 3% of malware tries to exploit an exclusively technical flaw. The other 97% instead targets users through Social Engineering.
Social engineered attacks are simply an easy way in for cyber criminals.
We’re aware of a recent upswing in one specific method of attack. The activity includes a “pop-up” or “alert” on your computer system tell you that you are infected and to call a number. It’s a highly effective scam that has existed for years.
Here’s the breakdown, so you can be informed:
Fraudulent support sites, including Microsoft Spoofers, will make you believe that you have a problem with your PC. You may be redirected to these websites automatically by malicious ads found in dubious sites, such as download locations for fake installers and pirated media.
They might even ask you to CALL a number and they will pretend to be Microsoft and will lure you into a remote session.
Don’t do this.
Remember, always, that a legitimate error message from Microsoft, for example, would never ask you to call a tech support number. Put another way, “don’t call us. We will call you.”
These websites can use any of the following tactics to convince you that there's a problem with your PC that needs fixing:
- A fake blue-screen error
- A fake Windows activation dialog box
- Various fake system errors
- Supposed malware infection or malicious activity
They can also use the following techniques to make their claim more believable:
- Put the image or your browser on full screen, making the error appear as though it’s coming from Windows instead of the web page.
- Disable Task Manager
- Continuously display pop-up windows
- Play audio messages
Again, all these techniques are meant to persuade you to call the specified tech support number and start a support session.
Remember: “Don’t call us. We will call you.”
3 Things Your Organization Can Do:
1. Develop a security policy.
Define what assets you have that may be tempting to criminals, and how that is likely to be pursued. Update software and systems.
2. Back it up with training.
Educating your team on what socially engineering is, what types of threats exists and how to guard against them is the best preventative measure your organization can take.
It only takes one errant click, or one erroneous phone call to comprise data and leave you as yet another victim of a socially engineered attack.
It only takes one errant click, or one erroneous phone call to comprise data and leave you as yet another victim of a socially engineered attack.
3. Start with an assessment.
Find out exactly where you stand today in regards to network security. Establish the foundation for your plan by assessing your risk and identifying key steps and best practices moving forward.
Developing a well-managed, properly secured network starts here.
Developing a well-managed, properly secured network starts here.
