Cyber security isn’t just a concept that exists in the ether. It’s a very human concern: according to Tom Meehan, CFI, in his recent column for LP Magazine, more than half of data breaches and cyber security concerns are a result of human error or social engineering.
But what is social engineering? It’s a tactic used by hackers and fraudsters to manipulate unsuspecting individuals into giving up information or system access. Retailers need to be especially concerned with three common social engineering techniques: baiting, phishing, and vishing.
Don’t become another data breach statistic. Get our FREE Special Report, Data Security: Data Loss Prevention Best Practices and Proven Policies to Combat Data Breaches right now!
In all three, the risk of being caught is low, but the reward is high. From the column:
Baiting occurs when the social engineer leaves a malware-infected device, such as a USB flash drive or CD, in a common area where it is most likely to be found. Several devices can be left at one time to increase the likelihood of success. Bathrooms, hallways, and mail drops are easy targets for baiting. Humans are curious creatures, especially loss prevention professionals. The intent of the social engineer is that someone will pick up the infected device and plug it into their computer to see what’s on it. That’s when the malware installs itself. A lot of times, the USB drive or disk will be labeled “important” or “private.” Once the malware is installed, the social engineer may have access to the computer or whole networks.
Learn more about phishing and vishing in “Three Types of Social Engineering that Keep Coming after Retailers.” You can also visit the Table of Contents for the November–December 2017 issue or register for a free subscription to the magazine.