Insurance Basics 03/27/20

Inside the Hacker’s Mind – Social Engineering

Dr Jack Wadey

What is it?

Social engineering is a method employed by bad actors or “hackers” to manipulate or deceive individuals into sharing personal or confidential information. A social engineering attack does not necessarily have to include computers. Have you ever held a door open into the office for someone you did not recognise, or allowed access to someone in a high-visibility vest? Bad actors can take advantage of these vulnerabilities to gain physical access to private or restricted areas. They are taking advantage of human nature and our conditioned behaviours: being polite, friendly and helpful.

What is the easiest way to gain access to someone else’s home?  Short of them leaving the door unlocked, the easiest way would be to obtain the key.  The same holds true for a network or online account. If bad actors can ‘trick’ you into giving them your login information, then the computer systems believe that they are you.  This is why phishing attacks, the most common form of social engineering attacks, are so prevalent. Bad actors send out thousands of phishing emails and there is a high chance that at least one person will click the link, giving them access to potentially confidential data.

Once bad actors have access to an account, they can create backdoors (methods to allow access bypassing the normal security), monitor emails and other network traffic, or download malware onto the system. Most invoice redirect or payment diversion frauds happen this way. Bad actors gain access to an email account and monitor emails sent and received. If you receive a legitimate invoice, bad actors may send an email, purporting to be from the same sender, advising you that the bank account details have changed.
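As an added illustration (not part of the original article), the Python sketch below shows a check an accounts team could run on incoming payment emails to catch the diversion described above. The vendor master record, addresses, bank details and the `review_payment_email` function are all constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed vendor master: bank details verified when the supplier was set up.
VENDOR_MASTER = {
    "accounts@supplier.example": {"sort_code": "12-34-56", "account": "12345678"},
}
SORT_RE = re.compile(r"\b\d{2}-\d{2}-\d{2}\b")
ACCT_RE = re.compile(r"(?<![\d-])\d{8}(?![\d-])")
CHANGE_RE = re.compile(
    r"(bank|account|payment)\s+details\s+(have\s+)?(changed|been\s+updated)", re.I)

def review_payment_email(raw):
    """Return reasons to hold payment; an empty list means nothing was flagged."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    body = msg.get_payload()
    record = VENDOR_MASTER.get(sender)
    reasons = []
    if record is None:
        reasons.append("sender not in vendor master")
    if reply_to and reply_to.split("@")[-1] != sender.split("@")[-1]:
        reasons.append("reply-to domain differs from sender")
    if CHANGE_RE.search(body):
        reasons.append("message announces changed bank details")
    # A compromised mailbox passes every sender check, so compare the
    # payment details themselves against the record on file.
    quoted = set(SORT_RE.findall(body)) | set(ACCT_RE.findall(body))
    if record and quoted - {record["sort_code"], record["account"]}:
        reasons.append("bank details differ from vendor master")
    return reasons

# Constructed samples: both arrive from the supplier's real address.
GENUINE = ("From: Supplier Accounts <accounts@supplier.example>\n"
           "Subject: Invoice 4471\n\n"
           "Please pay 1,250.00 GBP to sort code 12-34-56, account 12345678.\n")
DIVERTED = ("From: Supplier Accounts <accounts@supplier.example>\n"
            "Subject: Re: Invoice 4471\n\n"
            "Our bank details have changed. Please pay to sort code 65-43-21, "
            "account 87654321.\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("diverted", DIVERTED)):
        print(name, review_payment_email(raw) or "no flags")
```

Any flagged message should be confirmed with the supplier through a contact detail already on file, not one taken from the email itself.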

Novel Coronavirus or COVID-19 Concerns

As COVID-19 is spreading over the world, more and more people are working from home and remotely logging in to their work environments.  Bad actors use uncertainty and fear to prey upon people and take advantage of new systems and processes. Again, this is just another form of social engineering.

The National Cyber Security Centre (“NCSC”), a part of GCHQ, issued advice on 16 March 2020, which informed individuals that malicious websites might use COVID-19 to attract and encourage potential victims to click on malicious links [1].

There are a number of social engineering attacks relating to COVID-19 that have already been reported.  Action Fraud has indicated that victims have lost over £800,000 due to attacks mentioning Coronavirus or COVID-19 since February 2020 [2].  

How can we protect ourselves?

One key defence is multi-factor authentication.  Multi-factor authentication requires a user to have two or more different methods to gain access to an account.  Most methods follow the ‘something you know, something you have’ process. For example, this could be a password (something you know) and a text message sent to your mobile device (something you have).  If you enable multi-factor authentication, then even if bad actors discover the password, they would still have to take additional measures to obtain the passcode sent via text.

Another way to protect yourself is to never reuse passwords across multiple accounts and devices.  A common method of attack is for bad actors to obtain previously compromised account details and try the same details for different websites and accounts.

Finally, if all the protective measures fail, Cyber insurance is available to assist with the remedial efforts.  Most Cyber insurance policies offer an incident response service, where expert IT forensics firms, law firms and other support providers are available to investigate the incident, secure your systems and ensure any necessary regulatory obligations are met.

 

Dr. Jack Wadley is a cyber claims specialist at Canopius insurance company.

[1] https://www.ncsc.gov.uk/news/cyber-experts-step-criminals-exploit-coronavirus

[2] https://www.actionfraud.police.uk/alert/coronavirus-scam-costs-victims-over-800k-in-one-month
