Twenty minutes is all it took for Shane MacDougall to exploit a Walmart manager into giving him highly sensitive information regarding the big box superstore. From specific details on contractors and pay-cycles to operating systems, the unsuspecting manager did not skip a beat in gladly offering whatever MacDougal needed. Luckily, the social engineer and hacker orchestrated this attack to raise awareness about the issue in front a captivated audience at Defcon’s “Capture the Flag” event.
Social Engineering is manipulating human weakness to gain access to private information. With tax season approaching and refund fraud at an all-time high, it’s important for businesses to be aware of this kind of cunning criminal activity.
What do attacks look like?
Curiosity and carelessness are what make social engineers so successful in their pursuit. Here are some of the most common forms of attack:
- Pretexting: This, like in the Walmart case, is an instance where a hacker impersonates someone in an authority position. Hackers attempt to create a sincere story and background while also trying to form a rapport with the victim
- Phishing: Typically in the form of an email, phishing thrives on emotions such as fear, greed and a sense of urgency. When a friend is claiming to be held hostage internationally or a company is giving away free Ray Bans, the email may just be infected with malware.
- Baiting: Just as the name suggests, baiting uses something to lure in victims; this could be anything from signing up for a free music download or plugging in a found USB drive to satisfy curiosity.
- Tailgating: This happens when an attacker gets access to a secure or restricted area by following in an employee or other authorized personnel.
Regardless of the type, a socially engineering attack could be detrimental to individuals as well as businesses this tax season. Ensure that you and you company take the necessary and extra precautions to protect your privacy.
If you think you have been a target of social engineering or need more help understanding your taxes, please visit our live chat at our website (www.semaphoretax.com) to get in contact with one of our experienced tax professionals, or call us at 866-736-2444.