Just as “follow-up” is a key ingredient in business success, it is proving to be a key ingredient in successful phishing and other fraudulent activities as well.
This short story came from a friend in the corporate setting. With the ease and prevalence of fraud perpetrated over the Internet these days, I felt it worth putting in our newsletter. Knowledge about the tactics used is the best deterrent I can think of!
As told to me, several weeks ago at a local town hall meeting here in New Hampshire, there was discussion about social engineering. Part of this discussion focused on how the “bad guys” use our kindness and willingness to help others against us. Recently, an employee in a large company fell victim to one of these exploits. Luckily, she took quick action so that the company could prevent any serious issues.
Here are the details:
The main goal of this particular social engineering attack was to get the company’s employee to download a file from a website by posing as a Dell employee – of course the perpetrator could pose as being connected to ANY reputable company.
This employee had never done business with Dell, and had never contacted them or signed up for any information from them. However, several days ago she received a call from someone indicating he was “a Dell employee”. He asked her to check her inbox for an email he had just sent her. She saw the email, and he asked her to click on a link within it to open a PDF file and verify that all the pages were there. She complied with the “Dell rep’s” request and clicked on a link in the email. That brought her to a website. At the website, a PDF file was downloaded. She then opened the PDF to verify how many pages were present and stated to the Dell rep that everything looked to be there. The “Dell employee” thanked her and stated that a follow-up call would be placed later in the week. After hanging up, she started to think about the situation and immediately went to the company’s IT helpdesk to report the incident.
The IT staff had to rebuild her machine from scratch to ensure that the download was not a virus, but because of her quick action after the fact, the company avoided more significant problems.
Hopefully, this email will help to remind everyone of the potential for social engineering and phishing.
Please remember these important details:
- DO NOT under any circumstances share passwords. NO ONE should know or will need to know your passwords.
- If you receive an email – or a phone call from any individual you do not recognize – DO NOT follow their directions if they instruct you to install or open anything on your system.
- Do not open attachments or click any links in your email that you do not recognize as legitimate.
- Always make sure to hover over the link to check the actual destination (for example, an email from Dell should only have links to www.dell.com).
- In the corporate or company setting, be sure to report ALL incidents that involve possible virus infection, social engineering, or any other computer security issues to your IT department or whoever is in charge of your computer systems so that they may investigate these instances accordingly and determine appropriate action.
About Robin Snow
Robin is General Manager of CharlesWorks in its Peterborough, NH office. She is a Keene, NH area native with previous experience in the banking and finance fields.
She has been with CharlesWorks in various capacities since 2004. Her experience at CharlesWorks ranges from finances through web design and technical writing.
Robin is enthusiastic about helping people get onto the web and adept at explaining, in non-technical terms, our ability to provide reliable and affordable hosting solutions. If you don’t know where to get started with a web presence, call Robin!