Over here in Cybersecurity Land, we talk a lot about social engineering attacks and how sneaky they are because they play on our desire to be kind to other people and do good on the company’s behalf. Unfortunately, there are bad people in the world who play on this for their own gain, and we call this social engineering.

Just take a look at this latest example that is a lesson for all of us: KnowBe4, a well-known company who makes money by training people on the dangers of social engineering, just fell for it themselves! They hired someone who passed all the normal checks, video interviews, background checks, and verified references, and it still turned out that the person they hired was a North Korean nation state actor (i.e. someone hired by the government to do bad things). Fortunately, KnowBe4 discovered this before any real damage was done, but that is not always the case. Conjecturing here, but most times this is not the case!

There is no better lesson for all of us than what we can learn from the KnowBe4 incident. Here are some key takeaways that we all should be aware of:

  • First and foremost, trust your instincts: If something is off, even if you can’t place what it is or if it is just too good to be true, you are probably right.
  • If they ever won’t get on a video, or at least voice call, that is a big red flag. Be careful with this one – it is a common red flag!
  • People use VOIP phone numbers on their resume all the time, but VOIP phone numbers are a problem because they are useable from anywhere in the world, can easily change and fake caller ID, and very cheap free even. Check them for reputation at a site like this one that will tell you if it is a VOIP line and a subjective reputation score. Even better, ask them for a landline or at least a mobile number to call that you can verify the carrier.
  • Check images and video feeds for distortion and watermarks that should not be there. If applicable, detect AI enhanced profile images and audio recordings through a service like this one.

There are many, many, many more examples of real people and real companies losing millions of dollars and personal livelihoods because just 1 person fell for one of these scams. Some of us think it only happens to the elderly, some of us think it will never happen to them, and some of us think that there is no way that the AI boom can make this worse…. But those of us who think those things are, unfortunately, wrong.

Social engineering is a real threat that we all must be knowledgeable, diligent, and careful about as we go on our daily lives – both personally and professionally

If you ever have any questions on whether something is legitimate or just want to talk something out to be sure, you can always reach out to the experts at Integrated IT to be sure.

Stay safe out there, friends! If it seems suspicious, it is!

Resources

Do’s and Don’ts for Safeguarding Data in the Cloud

Dictionary of Cyber Security Terms

Essential Measures for Protecting Sensitive Data