Cybersecurity tip: How to prevent social engineering to protect sensitive information 


To effectively protect our health system against all cyber-related threats and trends, we must be informed about the latest tactics being used by hackers to gain access to sensitive information.

A common form of manipulation is called social engineering, which is defined as the art of manipulating or deceiving you into taking action or divulging sensitive information.

There are three forms of social engineering to be aware of: digital attacks, in-person attacks and mobile/phone attacks.

Digital attacks

These are most prevalent through phishing, a common practice where hackers target a broad group of users with emails that look genuine but are actually intended to get the user to click on a dangerous link. Spear phishing is another form of digital attack that targets a specific person or role at an organization. If you suspect a phishing email, click the Phish Alert button at the top of your screen to report it to IT and delete the email.

In-person attacks

These occur when a hacker gains physical access to an organization, usually under false pretenses. Once inside the organization, these hackers use USB or thumb drives to install malware onto computers to gain access to organizational systems. These attacks are also known as “tailgating,” the term for when a hacker bypasses physical access controls by following an authorized person inside. For example, someone waits outside a building until an authorized person enters or leaves, then catches the door before it closes.

Mobile or phone attacks

These attacks are also known as smishing or vishing. Basically, they are the same as phishing, except hackers target users through text messages, phone calls and voicemails.

Smishing texts aim to manipulate people into turning over sensitive data, such as passwords, credit card numbers or access to computer systems. They typically rely on persuading users that the message comes from a familiar or trusted source and that urgent action is needed.

A vishing scam is similar, as hackers usually make the phone calls sound urgent or alarming. These can be perpetrated through a call with an actual person or a robocall. Criminals often spoof numbers that belong to real companies or impersonate call center professionals.

To stay safe, you should not trust a caller who knows some of your personal information until you can verify their identity. Be sure to stop, look and think before clicking a link in a text message or divulging sensitive information over the phone.

To learn more about social engineering, check out Social Engineering Red Flags.