Impersonation: Hacking Humans - Sunwest Bank
Important Articles

Paycheck Protection Program Guide

What Are Port-Out Scams?

Understanding Wiring Fraud

Strength in Numbers

2020 Financial Highlights

A Fortress Balance Sheet

Welcome Back


 

Impersonation: Hacking Humans

Home > Security Tips  > Information Security Awareness  > Impersonation: Hacking Humans
Impersonation: Hacking Humans

02 Mar Impersonation: Hacking Humans

Posted at 13:26h in Information Security Awareness, Security Tips by

Impersonation is one of several social engineering tools used to gain access to a system or network in order to commit fraud, industrial espionage or identity theft. The social engineer “impersonates” or plays the role of someone you are likely to trust or obey convincingly enough to fool you into allowing access to your office, to information, or to your information systems.

The social engineer patiently pieces together of all the fragments of information found into a coherent picture. Each victim who gives them information considers what they say or do to be harmless, but the combination of the details gives the impersonator what they need to become powerful. The more information they have, the better they can avoid detection.

Impersonators spend time researching their target. They find information about you or your company by:

    • Stalking employees on social networking sites
    • Company websites
    • Email phishing
    • Phone pretexting
    • Dumpster diving
    • Eavesdropping on employee conversations
    • Black market websites or other social engineers

 

Tailgating
If your organization has more than one door or perhaps a secondary exit to the parking lot, be sure that no one is allowed in through those doors that do not belong. This is known as “tailgating.” An attacker seeking entry to a restricted area, where access is by unattended and controlled by electronic access control, can simply walk in behind a person who has legitimate access.

The legitimate person may fail to ask for identification for many reasons, or may accept an assertion that the attacker has forgotten or has lost the appropriate identity token. The attacker may also fake the action of presenting an identity token or approach the door carrying a large box of books and relying on people’s propensity to hold the door open for others in that situation. There are any number of tricks they can use to gain entry. If you notice someone hanging around the building that shouldn’t be there, you may have a social engineer on your hands waiting for the right opportunity.

Shoulder surfing
Impersonators can gain access to information by simply watching what you are typing or by seeing what is on your computer screen. This is known as “shoulder surfing,” and can also be done by looking through a window, doorway, or simply listening in on conversations.  Be aware of your work environment and know who is around you when you are working with confidential information, or even when you are typing in your password.  Do not let others see you type your password, and protect your computer screen from unauthorized viewing. Computers in public areas, by the way, should not have the monitors facing outward.

USB devices loaded with malware
One of the best technological tools at the disposal of a social engineer, especially those posing as a technical support person, is a USB thumb drive. They are small, easy to conceal, and can be loaded with different payloads (malware) depending on what task needs to be done. It only takes a few seconds to insert one into a computer to compromise the entire network. They can also be planted in different locations around the workplace in the hopes that employees will find them, use them, and unwittingly install a Trojan on the system. The Trojan can be used to gain passwords and login information or to provide the attacker unfettered access to the network from a remote location.

How to protect yourself against impersonators
With this knowledge of what impersonation is and how it’s used, it’s time to discuss how to protect yourself from social engineers who create elaborate scenarios, plan each detail, and are driven to steal. By following some common sense rules and using your best judgment, you can defend against these attacks and better protect yourself, your company, and your customer’s information:

  1. When in doubt about the validity of an individual or a request, contact your manager or the manager of the requester, for authority to comply with the request.
  2. Never give out passwords. Technical support personnel do not ever need your password or other information related to accessing your system.
  3. Avoid revealing information, especially out of trust or fear. Ensure the physical security of your premises. Don’t enable tailgating. Ask yourself, “who is that and why are they here?” If you are unsure about a person’s authorization or access permission, report the situation to the appropriate staff.
  4. Be aware of your surroundings.  Make sure you know who is in range of hearing your conversation or seeing your work. Use a computer privacy screen to deter shoulder surfing, especially in public places. Protect paper documents. Don’t leave documents lying around. Use a shredder to discard unwanted documents.
  5. Adopt a healthy dose of skepticism for anything out of the ordinary, especially strangers who endear themselves to you.
  6. Adhere to the policies and procedures within your organization that stipulate how you should manage situations that may be social engineering attacks.

Powered by www.InfoSightInc.com

Print page


Sunwest Bank
Built For Entrepreneurs By Entrepreneurs
Sunwest Bank is an entrepreneurial business bank built for entrepreneurs by entrepreneurs. Sunwest Bank was founded in 1969 in Tustin, CA. Sunwest Bank recently moved its headquarters to Sandy, UT, Salt Lake City metropolitan area.
Useful Links

     

Contact Sunwest Bank
© Copyright 2024 Sunwest Bank

Banking, Deposits and Savings, Commercial and Small Business Lending and online or mobile Banking services are provided by Sunwest Bank, Member FDIC, Equal Housing Lender, NMLS No. 586120. Department of Financial Protection and Innovation License No. 1017. All Rights Reserved – 2021.

Checking and Deposits: Checking accounts may have monthly fees or minimums, or per item charges. Review your account details. Deposits (including Certificates of Deposit) are insured by the FDIC up to a maximum of $250,000 (including principal and interest) for all deposits held in the same insurable ownership capacity (e.g., single account, joint account, IRA) at the same bank. Sunwest Bank customers are responsible for monitoring the total amount of deposits held. All deposits at a single bank held in the same insurable ownership capacity are aggregated for purposes of the applicable FDIC insurance limits. Take advantage of the FDIC's Electronic Deposit Insurance Estimator (EDIE) to calculate the FDIC insurance available for your personal and/or business deposits at: https://edie.fdic.gov/

Lending: All real estate secured loans are subject to credit and collateral approval. Additional terms and conditions apply. Small Business loans are subject to credit and collateral (if required) approval and program eligibility requirements of Sunwest Bank and the Small Business Administration, as applicable. Business and Personal loans are subject to credit and collateral (if required) approval. Some business loans may require a personal guaranty. Carefully read all loan product information, agreements and disclosures before completing the lending process.

All Programs, rates, terms and conditions are subject to change without notice. Complete details, including restrictions, limitations and exclusions for any product or service of Sunwest Bank will be available when you become a customer.

Sunwest Bank Mobile is compatible with iOS devices (iPhone, iPod Touch, iPad) and Android-powered devices. While the Sunwest Bank Mobile app is free to download, message and data rates may apply. Check with your mobile services provider for any charges that may apply for data usage on your mobile device. Please refer to the Mobile Banking and Online Services Agreement for further details regarding Sunwest Bank mobile banking services.


Google Play and the Google Play logo are trademarks of Google, Inc.
Apple, the Apple logo, iPhone, and iPad are trademarks of Apple Inc., registered in the U.S. and other countries.

ALL INVESTMENT AND INSURANCE PRODUCTS:
NOT FDIC INSURED - NO BANK GUARANTEE - MAY LOSE VALUE – ARE NOT A CONDITION TO ANY BANKING SERVICE OR ACTIVITY – ARE NOT DEPOSITS