Hackers and identity thieves want access to valuable personal data. Your club’s computer systems store personally identifiable information in membership databases. Hackers can gain access to that information by trying to break through the front door (which is usually well protected) or sneak through the back door, which is generally left wide open by an unsuspecting employee.
Hackers are smart–they’re no longer wasting time and effort pounding on the front door. Instead, hackers now use sophisticated social engineering ploys to deceive employees into providing access to YOUR protected information!
Made to look official and believable, these emails appear to be sent by a trusted source (your bank, credit card company, utility company). The direction is simple: click a link and go to the website. The hook is the link goes to an imposter website that now has opened a line for the hacker.
Hook. Line. Sinker.
“Good morning, this is Heather.”
“Good morning Heather, this is Robert Griffin from Comcast. I’ve been working with Karen Jenkins to upgrade the club’s high speed Internet service, but I’m having a little trouble accessing the Internet router on the network to finalize the configuration. Would you mind taking just a quick minute to help me out?”
“Great. I just need to share your screen so I can get this squared away for you. If you can give me your email address, I’ll send you a screen-sharing invitation and we’ll get started…”
The impersonator learned from LinkedIn that Karen Jenkins is the club’s CFO, and also learned that Heather is the Membership Secretary. The impersonator took a chance that the club uses Comcast for Internet since it is the most popular in the area.
Uniforms, badges, embroidered hats, business cards, tool kits, letterhead … can all be purchased over the internet. If the service was not requested and scheduled, double check the credentials before allowing access to your business environment.