Inside the Hacker’s Mind – Social Engineering
Insurance Basics 03/31/20

Dr Jack Wadey

What is it?

Social engineering is a method employed by bad actors or “hackers” to manipulate or deceive individuals into sharing personal or confidential information. A social engineering attack does not necessarily have to include computers. Have you ever held a door open into the office for someone you did not recognise, or allowed access to someone in a high-visibility vest? Bad actors can take advantage of these vulnerabilities to gain physical access to private or restricted areas. They are taking advantage of human nature and our conditioned behaviours: being polite, friendly and helpful.

What is the easiest way to gain access to someone else’s home?  Short of them leaving the door unlocked, the easiest way would be to obtain the key.  The same holds true for a network or online account. If bad actors can ‘trick’ you into giving them your login information, then the computer systems believe that they are you.  This is why phishing attacks, the most common form of social engineering attacks, are so prevalent. Bad actors send out thousands of phishing emails and there is a high chance that at least one person will click the link, giving them access to potentially confidential data.

Once bad actors have access to an account, they can create backdoors (methods to allow access bypassing the normal security), monitor emails and other network traffic, or download malware onto the system. Most invoice redirect or payment diversion frauds happen this way. Bad actors gain access to an email account and monitor emails sent and received. If you receive a legitimate invoice, bad actors may send an email, purporting to be from the same sender, advising you that the bank account details have changed.

Novel Coronavirus or COVID-19 Concerns

As COVID-19 is spreading over the world, more and more people are working from home and remotely logging in to their work environments.  Bad actors use uncertainty and fear to prey upon people and take advantage of new systems and processes. Again, this is just another form of social engineering.

The National Cyber Security Centre (“NCSC”), a part of GCHQ, issued advice on 16 March 2020, which informed individuals that malicious websites might use COVID-19 to attract and encourage potential victims to click on malicious links [1].

There are a number of social engineering attacks relating to COVID-19 that have already been reported.  Action Fraud has indicated that victims have lost over £800,000 due to attacks mentioning Coronavirus or COVID-19 since February 2020 [2].  

How can we protect ourselves?

One key defence is multi-factor authentication.  Multi-factor authentication requires a user to have two or more different methods to gain access to an account.  Most methods follow the ‘something you know, something you have’ process. For example, this could be a password (something you know) and a text message sent to your mobile device (something you have).  If you enable multi-factor authentication, then even if bad actors discover the password, they would still have to take additional measures to obtain the passcode sent via text.

Another way to protect yourself is to never reuse passwords across multiple accounts and devices.  A common method of attack is for bad actors to obtain previously compromised account details and try the same details for different websites and accounts.

Finally, if all the protective measures fail, Cyber insurance is available to assist with the remedial efforts.  Most Cyber insurance policies offer an incident response service, where expert IT forensics firms, law firms and other support providers are available to investigate the incident, secure your systems and ensure any necessary regulatory obligations are met.

 

Dr. Jack Wadley is a cyber claims specialist at Canopius insurance company.

[1] https://www.ncsc.gov.uk/news/cyber-experts-step-criminals-exploit-coronavirus

[2] https://www.actionfraud.police.uk/alert/coronavirus-scam-costs-victims-over-800k-in-one-month
