A New Form of Hacking

March 15, 2017
It's OK to say "No" to information requests

I recently learned about a new kind of computer hacking from Kevin Mitnick, a speaker at the recent 2017 AmeriQuest Symposium in Orlando who addressed a topic known as “social engineering.” Not so long ago, Mitnick was one of the world’s Most Wanted hackers.

He defined social engineering as “a form of hacking that relies on influence, deception and manipulation to convince another person to comply with a request in order to compromise their computer network.”

Hackers use social engineering for a variety of reasons:

  • It’s easier than doing software or technology hacks
  • It is nearly 99.5% effective
  • It leaves no audit trail

The real problem with social engineering is that your employees are unwittingly revealing information that the hacker then uses against you or your company.

Hackers start with reconnaissance, looking for organization charts and the names and titles of employees so they can determine the type of information each employee may have access to. They can go to places like LinkedIn, enter your company’s name, get the names of key employees and find everything they need to determine who is in the “circle of trust” for those employees.

When hackers launch these social engineering hacks, they prepare in advance by adopting a role or identity and developing reasons to call your employees.

Another favorite trick is to send via snail mail a thumb drive specialty gift that looks like it comes from someone who is in that employee’s circle of trust. They go so far as to imprint the company logo on the drive and package it from the company they are impersonating. Since the recipient thinks the drive is coming from someone they trust, they insert it in their USB port. This allows the hackers to unleash a Trojan horse (virus) onto that computer or to steal passwords and other important data.

Mitnick advised meeting attendees to be careful when connecting to free wireless networks because hackers are setting up fake wireless networks that allow them to access information. He also said to be wary of software update notices; they could also be fake. Once a fake update is downloaded, the hackers have access to that computer and all the information it contains.

More sophisticated attacks are launched via browsers, media players, document readers and booby-trapped PDFs.

Why are these social engineering hackers successful? Mitnick says it’s because “there is a hole in the human firewall. People think it can’t happen to them.” Another reason is people’s natural desire to help.

So how do you prevent your employees from falling victim to these tactics? First, inform them about the sophisticated tactics hackers are using today. You can also run mock attacks to test how your employees respond and then educate them on the right way to deal with these situations. You also need to establish a social engineering incident response program and modify what Mitnick calls “your company politeness policy.”

He strongly recommends telling your employees, “It is okay to say no to information requests.”

When building your human firewall, keep it simple. Set up a protocol that is easy to understand and follow. Develop interactive social engineering resistance training and, whenever possible, use technology to take decision making out of the hands of your employees.

About the Author

Jane Clark | Senior VP of Operations

Jane Clark is Senior Vice President, Operations for NationaLease. Prior to joining NationaLease, Jane served as Area Vice President for Randstad, one of the nation’s largest recruitment agencies, and before that, she served in management posts with QPS Companies, Pro Staff, and Manpower, Inc.
