Latest Hacker Scam – Posing to be Your Vendors

Cyber Security Awareness Month Banner image

Hackers have found a new target – trusted relationships between your organization and your outside vendors.  Homeland Security issued an urgent appeal to businesses across the country to be more vigilant about access to sensitive information. Please share this blog with all your coworkers who may answer a call or email, so they’re prepared to handle it safely.

1. Protect your Trusted Relationships from Hackers

receptionist

There are reports of a new threat that targets the trust relationship between a business and their external technology vendors. This is not just companies like Safety Net. Think about the applications you use, like banking systems, manufacturing resource planning software, Electronic Medical Records software. Now think about how often those entities have remote access to your network.

There are many types of scams being utilized but in its most basic form, a hacker will call your receptionist. They’ll identify themselves as a fellow local business and explain that they are  looking for a new technology partner of sorts. Then they ask who you use and want to know if you would recommend them. Afterwards they politely hang up.

2. Internet Research Empowers Hackers

The hacker then proceeds to look up your technology vendor through LinkedIn and other means to obtain information. For instance, they will study social media, scouring for any information related to your employees and recommended technology vendor.

They call back the following day identifying themselves as being from the company they’ve researched. At this point, they will ask to speak to an individual they have also carefully researched who may be likely to have admin access or access to financial information. Many times, the manager, owner, or administrator of the company works with different people in a technology firm, so they think nothing of a request to remote into their computer to “apply some updates.” The hacker often uses the ruse that “Our normal remote access system is down, and I can call you back when you leave for lunch today. What time would that be?” The manager then allows them access to their computer and the hacker takes control.

3. Increased Vigilance is your Best Defense against Hackers

Homeland Security has asked that you advise your employees not to give out any information about any vendors you use unless you are 100% sure of who you are speaking to on the phone.

While we take pride in knowing our managed clients and their voices, you may notice increased vigilance from Safety Net including challenging your identity by asking a few extra questions or calling you back on your cell phone or main company line. That has always been our practice when transferring sensitive information, but it may happen more frequently now. We suggest everyone across your organization do the same while interacting with the Safety Net team – or any of your vendors or business partners.

4. Cyber Security Precautions are ALWAYS Important

You’re always welcome to review your own Cyber Security by completing this valuable Checklist. Please share it with anyone you know who would benefit from a more secure IT environment.  There are many extra security protections (and even more threats) coming out every quarter. If you are concerned about extra steps to secure yourself, or would like a security checkup, our team of trusted experts is available to give you ideas and advice.