Blake Dowling: Social engineering
Image of businesspeople hanging on strings like marionettes. Conceptual photography

puppet on a string

Do you need a break from Putnam, Donald, Kim and all the other headlines raging this week in the Sunshine State and our nation?

How ‘bout we talk cybersecurity, so you can make sure you have all the bases covered (baseball analogy for the upcoming College World Series).

Are you familiar with “social engineering?” The term gets thrown around a lot in cybersecurity circles, but according to Webroot:

“Social engineering is the art of manipulating people, so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software — that will give them access to your passwords and bank information as well as giving them control over your computer.”

In the political, lobbying and business world we live in, we have long, complex passwords, perimeter security devices, layered anti-spam and anti-virus tools, someone watching the network with a remote monitoring tool, real-time backups, etc.

Social engineering bypasses all that.

I am sure everyone remembers former Hillary Clinton campaign manager John Podesta. He got a bogus email from Google, saying he must change his password now, which he did. It was subsequently stolen (as it was not really from Google).

The ramifications were significant, as we all know.

Now think about how former CIA Director John Brennan’s personal email account was similarly hacked. That’s right. The CIA.

Hackers called Brennan’s internet provider, Verizon, and claimed to be from Verizon customer service trying to fix an issue with their client. They didn’t stop until they had his Social Security number.

The hackers took that info, did a password reset and — presto — complete access to all his email.

In Florida, I have personally seen phishing attempts to local, association and lobbying entities were hackers dig up info on key personnel in the organization, an attempt to impersonate them.

If your email address is posted on your website, the bad guys can find it. They then create a fake domain resembling yours and reference something in the news to make the email sound legit and ask for money.

As an example, Bob gets an email from his accounting person saying they need $4K to put on a rally in Miami, the individual needs the money wired because they “can’t use a credit card.”

You would think there’s no way this would work, but occasionally it does. I have seen it happen.

Last week, I took a call from a client who said Microsoft is calling them to do some maintenance and needs their password. As I have said before it is hard enough to get a call through to Microsoft, they certainly never call you for anything, ever. This is an attempt at a hack. What if you have an intern at your office or a campaign volunteer. Do they know about this? Or would they give their password to “Microsoft” putting all of your data in jeopardy?

Sometimes you can’t even trust the security companies as widely known security giant, Kaspersky was hijacked, or maybe even involved in some cyber shenanigans.

Here in Florida, we must protect ourselves every day, especially with some huge elections on the horizon.

Just like college football (and elections), Texas, California and Florida are the states you want to watch, and all eyes — including hackers — will be looking this way. Just like last time.

Make sure you and everyone on your team are ready.

___

Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected].

Blake Dowling

Blake Dowling is CEO of Aegis Business Technologies. His technology columns are published by several organizations. Contact him at [email protected] or at www.aegisbiztech.com



#FlaPol

Florida Politics is a statewide, new media platform covering campaigns, elections, government, policy, and lobbying in Florida. This platform and all of its content are owned by Extensive Enterprises Media.

Publisher: Peter Schorsch @PeterSchorschFL

Contributors & reporters: Phil Ammann, Drew Dixon, Roseanne Dunkelberger, A.G. Gancarski, William March, Ryan Nicol, Jacob Ogles, Cole Pepper, Jesse Scheckner, Drew Wilson, and Mike Wright.

Email: [email protected]
Twitter: @PeterSchorschFL
Phone: (727) 642-3162
Address: 204 37th Avenue North #182
St. Petersburg, Florida 33704