From Victim to Security Champion

As we move through October and National Cyber Security Awareness Month (NCSAM), I wanted to share reflections from a past experience with a friend who was targeted remotely. 

A lot of people judge others harshly when they fall victim; I tend to see it differently: that individual has just gained a significant degree of awareness and has the potential to transform from victim to security champion.

The victim, my friend, wrote to me to say: "Before today, I didn't even know what Social Engineering was. I quickly found out when I walked into a trap set by some very bad people."

It started innocently enough when my friend tried to log in to their online banking account, something they had done regularly in the past. The site looked no different. The bank logos and login page looked real. Suddenly a warning flashed on the screen and said, in BIG, angry RED letters, something about their login and accounts being compromised and that they needed to call the bank's technical support number right away.

They were freaked out by the message and in panic mode, so they called the number. The person who answered was very professional, said all the right things, and was going to be the savior who would make everything right again. Eventually, my friend got suspicious, but not before they had given the person on the phone access to their system.

As security professionals, we know that this was a huge mistake, but an average user would react in exactly this way. It is a reasonable human response when you assume that you have broken your expensive computer or left yourself vulnerable to harm.
