The use of social media increased in 2020 as more and more households sheltered in place and shifted from working and learning in traditional environments to doing both at home. This pivot created a number of conversations taking place in online mediums, both socially and professionally.
However, what the average user may not know is that when they post home videos on TikTok, or screenshots on Facebook or Twitter whose backgrounds reveal the email open on their laptop or a Zoom-hosted team call, hackers are lurking behind the scenes gathering that information. For instance, a user who is excited to virtually host a team call on Zoom decides to share their newfound working-from-home best practices on Instagram, along with a snapshot of the Zoom attendees. This opens the door to one of the top social engineering tricks, impersonating someone in the organization over the phone: a hacker can take a name they see in the Zoom screenshot and try to access records while claiming to be that employee. This scheme has been playing out in organizations for years as a way to gain insight into organizational hierarchies and systems.
To gain an understanding of how these scams proliferate, take a moment to read this article published by Fast Company: "I’m an ethical hacker. Here’s how I could use social media to scam you."
One of the skill sets executive assistants and business administrators need to add to their arsenal is that of cyber security gatekeeper. Scammers use a number of tactics, and it can be costly to the company when they are not shut down. Below is a short list to keep in mind, but this booklet is a great resource that helps identify some of the most common scams: "Scams and your Small Business", published by the Federal Trade Commission.
- Phone phishing: pretending to be an internal employee requesting to verify team contact information. One of their tactics is to establish a sense of urgency: they have a task to complete, but their internet is down and they need a phone number or email.
- Fake email: this one is highly sophisticated, and anyone can easily fall victim. The email may appear to come from an internal employee requesting a sensitive document, but the actual email has been spoofed.
- Invoice processing: with digital transformation in the payment landscape, a number of companies are transitioning to the latest technology for paying invoices virtually. It is important to verify the source of the invoice, the email, the contact information and the actual billing of services or products.
Maintaining composure and focus when something does not sound or feel right are the first steps to possibly identifying a scam. Never second-guess the gut feeling or sense that something is wrong. Continue to stay engaged with the latest techniques scammers use, be sensitive to the type of information posted on social media platforms, and share experiences so others can understand that hackers are always listening, viewing and following online movement.