Content

5 Types of Social Engineering Scams to Know

Ryan Weeks, Chief Information Security Officer, Datto, Inc.
Author: Datto CISO Ryan Weeks

With cybersecurity attacks on the rise, it’s more important than ever to ensure your customers are properly protected from these threats. One of the simplest yet most effective methods to accomplish this is through proper cybersecurity training. In this blog post, we’re highlighting some of the most common social engineering scams to look out for.

1. Phishing: is the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. Often crafted to deliver a sense of urgency and importance, the message within these emails appears to be from the government or a major corporation and can include logos and branding.

2. Baiting: similar to phishing, baiting involves offering something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital, such as a music or movie download, and physical, such as a branded flash drive labeled “Executive Salary Summary Q3 2018” that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly into the victim’s computer.

3. Quid Pro Quo: similar to baiting, quid pro quo involves a request for the exchange of private data but for a service. For example, an employee might receive a phone call from the hacker posed as a technology expert offering free IT assistance in exchange for login credentials.

4. Pretexting: is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn’t real).

5. Tailgating: is when an unauthorized person physically follows an employee into a restricted corporate area or system. The most common example of this is when a hacker calls out to an employee to hold a door open for them as they’ve forgotten their RFID card. Another example of tailgating is when a hacker asks an employee to “borrow” a private laptop for a few minutes, during which the criminal is able to quickly steal data or install malicious software.

Developing a robust, multi-layered cybersecurity strategy can save a business. Ongoing employee education and security technology will boost your front line of defense and dramatically decrease the likelihood of any breaches. Lastly, a solid, reliable backup and recovery solution is the second and most essential layer of defense, allowing businesses to quickly recover unscathed should things turn ugly.

To learn more about the most effective methods to protect your clients from various cybersecurity threats, check out the Essential Cybersecurity Toolkit for SMBs. This toolkit features some quick and easy tips for setting up a training program, how to spot and avoid common cyber scams, essential solutions for data protection, and more. Check it out today.


Ryan Weeks is chief information security officer at Datto Inc. Read more Datto blogs here.

You can skip this ad in 5 seconds