5 Common Social Engineering Scams That Trigger Ransomware

Author: Henry Washburn

As we dive into National Cybersecurity Awareness Month, we wanted to ensure that you and your customers have tips and templates to help make sure this month is a success. If you’re looking for some fresh content this month, our cybersecurity toolkit has you covered. Let’s take a quick look at what you can expect to find in the toolkit!

Social engineering, in which hackers manipulate people to gain access to corporate systems and private information, is at the root of the majority of ransomware attacks. It plays on human nature’s inclination to trust. For cyber criminals, it’s the easiest method for obtaining access to a private corporate system. After all, why would they spend time trying to guess someone’s password when they can simply ask for it instead?

1. Phishing: Phishing is the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. Crafted to convey a sense of urgency and importance, these messages often appear to be from the government or a major corporation and can include logos and branding.

2. Baiting: Similar to phishing, baiting involves offering something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital and physical. Some digital examples include music or movie downloads. A physical example could be a branded flash drive labeled “Executive Salary Summary Q3 2016” that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly to the victim’s computer.

3. Quid Pro Quo: Like baiting, quid pro quo involves a request for the exchange of private data, but in this instance the hacker offers the end user a service. For example, an employee might receive a phone call from a hacker posing as a technology expert and offering free IT assistance in exchange for login credentials.

4. Pretexting: Pretexting is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority within the company to gain access to private data. For example, a hacker may send an email posing as an employee looking for W2 information to obtain personal data from an unsuspecting victim.

5. Tailgating: Tailgating is when an unauthorized person physically follows an employee into a restricted corporate area or system. The most common example of this is when a hacker calls out to an employee to hold a door open for them as they’ve forgotten their RFID card. Another example of tailgating is when a hacker asks an employee to “borrow” a private laptop for a few minutes, during which the criminal can quickly steal data or install malicious software.

While these are some of the most common cybersecurity trends to be aware of, we have plenty more content to ensure that your and your customers’ cybersecurity awareness is second to none. In our Cybersecurity Made MSPeasy Toolkit, we’ve collected some of Datto’s top content, including our recent State of the Channel Ransomware Report. Download it today and prepare your customers!

Henry Washburn is a technical evangelist at Datto Inc. Read more Datto blogs here.