Guest Author - Consuelo Herrera, CAMS, CFE
We are all impressed by the usefulness of electronic means and information. Accessing real-time databases is a plus; we seldom think of it as a source of headaches. This article will give you some insight into social engineering schemes. As accountants, we must be aware of them and make our clients aware of the possible threats to their personal information.
One of the fields where forensic specialists find work opportunities is related to cybercrimes. Forensic accountants are hired to quantify the amount lost due to a disruption of a system or network.
The basic goals of social engineering are the same as those of malicious hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network.
Recognizing threats to personal data is a must. Being aware of the ways in which personal information gets hijacked online prevents us from becoming victims.
Have you received letters offering you a share in a large inheritance? “Too good to be true?” It probably is. Stop! Don’t click that link. Resist the temptation to think that others can be deceived but you cannot! Crooks are smarter today and they know human behavior well.
The Office of the Privacy Commissioner of Canada Fact Sheet: Recognizing Threats to Personal Data: Four Ways That Personal Information Gets Hijacked Online (March 2007) details some common social engineering schemes:
1. A person contacts you claiming to be a system administrator. He claims there are problems with your account and needs your password to fix it;
2. A person contacts you claiming to be from a credit card company. He needs to verify your account and asks for your credit card number and expiration date;
3. A person contacts you claiming to be a new staff member. He has forgotten his password and asks you to give him yours because he needs to get into the system very quickly or he'll be in trouble with the boss; and
4. Someone from someplace far away wants to give you millions of dollars but needs your help, in the form of money for bribes, expenses, etc. in moving the money from there to here.
The perpetrator of a social engineering scheme predicts what works well with a particular person. He or she combines technical and social skills to accomplish the goal of obtaining personal information. A common scheme occurs when you receive an e-mail, allegedly from your financial institution, asking you to click on a link that looks very similar to the real link of your bank or credit union. When the victim follows the directions and provides personal information, the rest is history. Usually perpetrators empty checking and savings accounts, steal identities, apply for loans, etc.
As accountants, we provide financial planning advice. A great piece of advice and education consists of making our clients aware of how vulnerable they can be if they get scam e-mails that entice them, through threats or false promises, to provide private personal information.
Social engineering is a real threat. Perpetrators are watching for the smallest opportunity to break into your personal information and misuse it to your detriment. Don't be a willing party to their schemes. Be suspicious if something looks too good to be true because it probably is.