{"id":29557,"date":"2023-09-27T08:45:22","date_gmt":"2023-09-27T15:45:22","guid":{"rendered":"https:\/\/paladinpointofsale.com\/retailscience\/home\/?p=29557"},"modified":"2025-09-22T15:06:52","modified_gmt":"2025-09-22T22:06:52","slug":"social-engineering-is-targeting-retail","status":"publish","type":"post","link":"https:\/\/paladinpointofsale.com\/retailscience\/home\/social-engineering-is-targeting-retail\/","title":{"rendered":"Retail is a Choice Target for Social Engineering"},"content":{"rendered":"

[et_pb_section fb_built=”1″ fullwidth=”on” _builder_version=”4.16″ background_color=”rgba(0,0,0,0.29)” global_colors_info=”{}”][et_pb_fullwidth_post_title meta=”off” featured_placement=”background” text_color=”light” _builder_version=”4.24.2″ title_font=”|700||on|||||” title_text_color=”#ffffff” title_font_size=”30px” background_color=”rgba(0,0,0,0.15)” background_enable_image=”off” background_position=”top_center” background_blend=”color” vertical_offset_tablet=”0″ horizontal_offset_tablet=”0″ text_orientation=”center” custom_padding=”15%||15%” z_index_tablet=”0″ title_text_shadow_style=”preset5″ title_text_shadow_horizontal_length_tablet=”0px” title_text_shadow_vertical_length_tablet=”0px” title_text_shadow_blur_strength_tablet=”1px” meta_text_shadow_horizontal_length_tablet=”0px” meta_text_shadow_vertical_length_tablet=”0px” meta_text_shadow_blur_strength_tablet=”1px” box_shadow_horizontal_tablet=”0px” box_shadow_vertical_tablet=”0px” box_shadow_blur_tablet=”40px” box_shadow_spread_tablet=”0px” text_shadow_style=”preset2″ parallax_effect=”on” module_bg_color=”rgba(255,255,255,0)” use_border_color=”off” border_color=”#ffffff” border_style=”solid” global_colors_info=”{}”][\/et_pb_fullwidth_post_title][\/et_pb_section][et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ global_colors_info=”{}”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” custom_padding=”0px|0px|18.95px|0px|false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text admin_label=”Preamble” _builder_version=”4.25.0″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” vertical_offset_tablet=”0″ horizontal_offset_tablet=”0″ z_index_tablet=”0″ text_text_shadow_horizontal_length_tablet=”0px” text_text_shadow_vertical_length_tablet=”0px” text_text_shadow_blur_strength_tablet=”1px” link_text_shadow_horizontal_length_tablet=”0px” link_text_shadow_vertical_length_tablet=”0px” link_text_shadow_blur_strength_tablet=”1px” ul_text_shadow_horizontal_length_tablet=”0px” ul_text_shadow_vertical_length_tablet=”0px” ul_text_shadow_blur_strength_tablet=”1px” ol_text_shadow_horizontal_length_tablet=”0px” ol_text_shadow_vertical_length_tablet=”0px” ol_text_shadow_blur_strength_tablet=”1px” quote_text_shadow_horizontal_length_tablet=”0px” quote_text_shadow_vertical_length_tablet=”0px” quote_text_shadow_blur_strength_tablet=”1px” header_text_shadow_horizontal_length_tablet=”0px” header_text_shadow_vertical_length_tablet=”0px” header_text_shadow_blur_strength_tablet=”1px” header_2_text_shadow_horizontal_length_tablet=”0px” header_2_text_shadow_vertical_length_tablet=”0px” header_2_text_shadow_blur_strength_tablet=”1px” header_3_text_shadow_horizontal_length_tablet=”0px” header_3_text_shadow_vertical_length_tablet=”0px” header_3_text_shadow_blur_strength_tablet=”1px” header_4_text_shadow_horizontal_length_tablet=”0px” header_4_text_shadow_vertical_length_tablet=”0px” header_4_text_shadow_blur_strength_tablet=”1px” header_5_text_shadow_horizontal_length_tablet=”0px” header_5_text_shadow_vertical_length_tablet=”0px” header_5_text_shadow_blur_strength_tablet=”1px” header_6_text_shadow_horizontal_length_tablet=”0px” header_6_text_shadow_vertical_length_tablet=”0px” header_6_text_shadow_blur_strength_tablet=”1px” box_shadow_horizontal_tablet=”0px” box_shadow_vertical_tablet=”0px” box_shadow_blur_tablet=”40px” box_shadow_spread_tablet=”0px” use_border_color=”off” border_color=”#ffffff” border_style=”solid” global_colors_info=”{}”]<\/p>\n

Dutch industrialist Jacob Cornelis van Marken coined the term \u201cSocial Engineering\u201d back in the 1890s when he was describing work being done to \u201cimprove what was amiss in the world.\u201d Nearly 150 years later, social engineering now describes something completely different. It\u2019s the way cybercriminals try to manipulate people to steal information, data and money from businesses and organizations of all sizes and retail stores are among their prized targets.<\/span>\u00a0<\/span><\/p>\n

Fortinet, a global leader in cybersecurity, says that because of the sheer amount of customer data retail businesses collect, stores have become the No. 1 target of cybercriminals. Data from Trend Micro, a leading provider of antivirus services, shows that\u00a0<\/span>77% of retail organizations were hit by ransomware in 2021<\/span><\/a>, an increase of 33% over the previous year.<\/span>\u00a0<\/span><\/p>\n

Payment card data is the new currency, which is what retailers small to large have in abundance.<\/span>\u00a0<\/span><\/p>\n

Cybersecurity is a popular topic, especially in October because it\u2019s traditionally Cybersecurity Awareness Month and 2023 marks the 20<\/span>th<\/span>\u00a0anniversary of its creation.<\/span>\u00a0<\/span><\/p>\n

[\/et_pb_text][et_pb_text admin_label=”Pandemic hangover” _builder_version=”4.25.0″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” vertical_offset_tablet=”0″ horizontal_offset_tablet=”0″ z_index_tablet=”0″ text_text_shadow_horizontal_length_tablet=”0px” text_text_shadow_vertical_length_tablet=”0px” text_text_shadow_blur_strength_tablet=”1px” link_text_shadow_horizontal_length_tablet=”0px” link_text_shadow_vertical_length_tablet=”0px” link_text_shadow_blur_strength_tablet=”1px” ul_text_shadow_horizontal_length_tablet=”0px” ul_text_shadow_vertical_length_tablet=”0px” ul_text_shadow_blur_strength_tablet=”1px” ol_text_shadow_horizontal_length_tablet=”0px” ol_text_shadow_vertical_length_tablet=”0px” ol_text_shadow_blur_strength_tablet=”1px” quote_text_shadow_horizontal_length_tablet=”0px” quote_text_shadow_vertical_length_tablet=”0px” quote_text_shadow_blur_strength_tablet=”1px” header_text_shadow_horizontal_length_tablet=”0px” header_text_shadow_vertical_length_tablet=”0px” header_text_shadow_blur_strength_tablet=”1px” header_2_text_shadow_horizontal_length_tablet=”0px” header_2_text_shadow_vertical_length_tablet=”0px” header_2_text_shadow_blur_strength_tablet=”1px” header_3_text_shadow_horizontal_length_tablet=”0px” header_3_text_shadow_vertical_length_tablet=”0px” header_3_text_shadow_blur_strength_tablet=”1px” header_4_text_shadow_horizontal_length_tablet=”0px” header_4_text_shadow_vertical_length_tablet=”0px” header_4_text_shadow_blur_strength_tablet=”1px” header_5_text_shadow_horizontal_length_tablet=”0px” header_5_text_shadow_vertical_length_tablet=”0px” header_5_text_shadow_blur_strength_tablet=”1px” header_6_text_shadow_horizontal_length_tablet=”0px” header_6_text_shadow_vertical_length_tablet=”0px” header_6_text_shadow_blur_strength_tablet=”1px” box_shadow_horizontal_tablet=”0px” box_shadow_vertical_tablet=”0px” box_shadow_blur_tablet=”40px” box_shadow_spread_tablet=”0px” use_border_color=”off” border_color=”#ffffff” border_style=”solid” global_colors_info=”{}”]<\/p>\n

PANDEMIC HANGOVER<\/span><\/b>\u00a0<\/span><\/h3>\n

It\u2019s hard to put all the blame on the COVID-19 pandemic for retail\u2019s problem with cybersecurity. Certainly, it was an issue well before 2020. But when businesses were forced to close their brick-and-mortar stores, they had to find another way to make sales, and e-commerce launched like a rocket.<\/span>\u00a0<\/span><\/p>\n

Web store sales and the subsequent increase in credit and payment card transactions enlarged every store\u2019s digital footprint, and the bigger the digital footprint, the easier it is to stub a toe.<\/span><\/p>\n

[\/et_pb_text][et_pb_text admin_label=”Social engineering” _builder_version=”4.25.0″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” vertical_offset_tablet=”0″ horizontal_offset_tablet=”0″ z_index_tablet=”0″ text_text_shadow_horizontal_length_tablet=”0px” text_text_shadow_vertical_length_tablet=”0px” text_text_shadow_blur_strength_tablet=”1px” link_text_shadow_horizontal_length_tablet=”0px” link_text_shadow_vertical_length_tablet=”0px” link_text_shadow_blur_strength_tablet=”1px” ul_text_shadow_horizontal_length_tablet=”0px” ul_text_shadow_vertical_length_tablet=”0px” ul_text_shadow_blur_strength_tablet=”1px” ol_text_shadow_horizontal_length_tablet=”0px” ol_text_shadow_vertical_length_tablet=”0px” ol_text_shadow_blur_strength_tablet=”1px” quote_text_shadow_horizontal_length_tablet=”0px” quote_text_shadow_vertical_length_tablet=”0px” quote_text_shadow_blur_strength_tablet=”1px” header_text_shadow_horizontal_length_tablet=”0px” header_text_shadow_vertical_length_tablet=”0px” header_text_shadow_blur_strength_tablet=”1px” header_2_text_shadow_horizontal_length_tablet=”0px” header_2_text_shadow_vertical_length_tablet=”0px” header_2_text_shadow_blur_strength_tablet=”1px” header_3_text_shadow_horizontal_length_tablet=”0px” header_3_text_shadow_vertical_length_tablet=”0px” header_3_text_shadow_blur_strength_tablet=”1px” header_4_text_shadow_horizontal_length_tablet=”0px” header_4_text_shadow_vertical_length_tablet=”0px” header_4_text_shadow_blur_strength_tablet=”1px” header_5_text_shadow_horizontal_length_tablet=”0px” header_5_text_shadow_vertical_length_tablet=”0px” header_5_text_shadow_blur_strength_tablet=”1px” header_6_text_shadow_horizontal_length_tablet=”0px” header_6_text_shadow_vertical_length_tablet=”0px” header_6_text_shadow_blur_strength_tablet=”1px” box_shadow_horizontal_tablet=”0px” box_shadow_vertical_tablet=”0px” box_shadow_blur_tablet=”40px” box_shadow_spread_tablet=”0px” use_border_color=”off” border_color=”#ffffff” border_style=”solid” global_colors_info=”{}”]<\/p>\n

SOCIAL ENGINEERING IS SOCIALLY UNACCEPTABLE\u00a0<\/span><\/b>\u00a0<\/span><\/h3>\n

So now, the definition of social engineering has changed. Carnegie Mellon University defines it as \u201cthe tactic of manipulating, influencing, or deceiving a victim to gain control over a computer system, or to steal personal and financial information. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.\u201d<\/span>\u00a0<\/span><\/p>\n

The perpetrators, either through emails or phone calls, impersonate someone, often a security provider or contractor, to gain access to their victim\u2019s business network. These pretexts can include:<\/span>\u00a0<\/span><\/p>\n

Phishing<\/span><\/strong>\u00a0\u2013 emails, texts, or phone calls attempting to obtain information such as computer usernames or passwords.<\/span>\u00a0<\/span><\/p>\n

Baiting<\/span><\/strong>\u00a0\u2013 a type of attack that involves a scammer using a false promise to get victims into opening malicious attachments or visiting false websites.<\/span>\u00a0<\/span><\/p>\n

Scareware<\/span><\/strong>\u00a0<\/strong>\u2013 involves convincing victims that their computers or networks are already infected with malware to gain access.<\/span>\u00a0<\/span><\/p>\n

The 2023 Verizon Data Breach Investigation Report shows that these kinds of attacks have nearly doubled over the past few years and now represent more than half of all incidents. Of them:<\/span><\/p>\n

[\/et_pb_text][et_pb_blurb title=”74% involve people either mistakenly responding to an email, text, or phone call, or use of stolen credentials. ” use_icon=”on” font_icon=”||divi||400″ icon_color=”#cc6633″ icon_placement=”left” admin_label=”Blurb – 74%” _builder_version=”4.25.0″ _module_preset=”default” animation_style=”fade” animation_delay=”1000ms” global_colors_info=”{}”][\/et_pb_blurb][et_pb_blurb title=”83% involve external people, not with the business being violated. ” use_icon=”on” font_icon=”||divi||400″ icon_color=”#cc6633″ icon_placement=”left” admin_label=”Blurb – 83%” _builder_version=”4.25.0″ _module_preset=”default” animation_style=”fade” animation_delay=”1000ms” global_colors_info=”{}”][\/et_pb_blurb][et_pb_blurb title=”95% are financially driven. ” use_icon=”on” font_icon=”||divi||400″ icon_color=”#cc6633″ icon_placement=”left” admin_label=”Blurb – 95%” _builder_version=”4.25.0″ _module_preset=”default” animation_style=”fade” animation_delay=”1000ms” global_colors_info=”{}”][\/et_pb_blurb][et_pb_text admin_label=”Reverse engineering” _builder_version=”4.25.0″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” vertical_offset_tablet=”0″ horizontal_offset_tablet=”0″ z_index_tablet=”0″ text_text_shadow_horizontal_length_tablet=”0px” text_text_shadow_vertical_length_tablet=”0px” text_text_shadow_blur_strength_tablet=”1px” link_text_shadow_horizontal_length_tablet=”0px” link_text_shadow_vertical_length_tablet=”0px” link_text_shadow_blur_strength_tablet=”1px” ul_text_shadow_horizontal_length_tablet=”0px” ul_text_shadow_vertical_length_tablet=”0px” ul_text_shadow_blur_strength_tablet=”1px” ol_text_shadow_horizontal_length_tablet=”0px” ol_text_shadow_vertical_length_tablet=”0px” ol_text_shadow_blur_strength_tablet=”1px” quote_text_shadow_horizontal_length_tablet=”0px” quote_text_shadow_vertical_length_tablet=”0px” quote_text_shadow_blur_strength_tablet=”1px” header_text_shadow_horizontal_length_tablet=”0px” header_text_shadow_vertical_length_tablet=”0px” header_text_shadow_blur_strength_tablet=”1px” header_2_text_shadow_horizontal_length_tablet=”0px” header_2_text_shadow_vertical_length_tablet=”0px” header_2_text_shadow_blur_strength_tablet=”1px” header_3_text_shadow_horizontal_length_tablet=”0px” header_3_text_shadow_vertical_length_tablet=”0px” header_3_text_shadow_blur_strength_tablet=”1px” header_4_text_shadow_horizontal_length_tablet=”0px” header_4_text_shadow_vertical_length_tablet=”0px” header_4_text_shadow_blur_strength_tablet=”1px” header_5_text_shadow_horizontal_length_tablet=”0px” header_5_text_shadow_vertical_length_tablet=”0px” header_5_text_shadow_blur_strength_tablet=”1px” header_6_text_shadow_horizontal_length_tablet=”0px” header_6_text_shadow_vertical_length_tablet=”0px” header_6_text_shadow_blur_strength_tablet=”1px” box_shadow_horizontal_tablet=”0px” box_shadow_vertical_tablet=”0px” box_shadow_blur_tablet=”40px” box_shadow_spread_tablet=”0px” use_border_color=”off” border_color=”#ffffff” border_style=”solid” global_colors_info=”{}”]<\/p>\n

REVERSE ENGINEERING<\/span><\/b>\u00a0<\/span><\/h3>\n

The National Cybersecurity Alliance suggests some incredibly simple behaviors to avoid becoming a victim of a social engineering, or any other kind of attack.<\/span>\u00a0<\/span><\/p>\n

Use strong passwords and enlist a password manager.<\/span><\/strong>The NCA says passwords should be long, unique and complex. They should be at least 12 characters. They should be unique \u2013 don\u2019t reuse them and none should look alike. They should also have a good mix of upper and lower cases, numbers and letters, and special characters. The National Institute of Standards and Technology recommends changing passwords every few months, too.<\/span>\u00a0<\/span><\/p>\n

Password managers can help with this. They help manage hundreds of passwords for online accounts, protect a user\u2019s identity, notify users of potential phishing, and alert users when a password might be compromised.<\/span>\u00a0<\/span><\/p>\n

Turn on multifactor authentication.\u00a0<\/span><\/strong>Although it probably seems like a simple solution, having two steps \u2013 or two passwords \u2013 to access online accounts simply doubles their security. These passwords can range from simple PINs (personal identification numbers) to security questions (What is your hometown?) to biometric identifiers such as facial or fingerprint identification.<\/span>\u00a0<\/span><\/p>\n

Recognize and report phishing.<\/span><\/strong>It might seem simple, but recognizing phishing is as simple as recognizing any other kind of fraud. Does it smell funny?<\/span>\u00a0<\/span><\/p>\n

Does it:<\/span>\u00a0<\/span><\/p>\n

[\/et_pb_text][et_pb_blurb title=”Come from an unfamiliar source?” use_icon=”on” font_icon=”\||divi||400″ icon_color=”#cc6633″ icon_placement=”left” admin_label=”Blurb – Come from” _builder_version=”4.25.0″ _module_preset=”default” animation_style=”fade” animation_delay=”1000ms” global_colors_info=”{}”][\/et_pb_blurb][et_pb_blurb title=”Have an offer that seems too good to be true? ” use_icon=”on” font_icon=”\||divi||400″ icon_color=”#cc6633″ icon_placement=”left” admin_label=”Blurb – Have an offer” _builder_version=”4.25.0″ _module_preset=”default” animation_style=”fade” animation_delay=”1000ms” global_colors_info=”{}”][\/et_pb_blurb][et_pb_blurb title=”Ask for personal information?” use_icon=”on” font_icon=”\||divi||400″ icon_color=”#cc6633″ icon_placement=”left” admin_label=”Blurb – Ask for” _builder_version=”4.25.0″ _module_preset=”default” animation_style=”fade” animation_delay=”1000ms” global_colors_info=”{}”][\/et_pb_blurb][et_pb_blurb title=”Stress urgency and ask for users to click on unfamiliar links or open attachments?” use_icon=”on” font_icon=”\||divi||400″ icon_color=”#cc6633″ icon_placement=”left” admin_label=”Blurb – Stress urgency” _builder_version=”4.25.0″ _module_preset=”default” animation_style=”fade” animation_delay=”1000ms” global_colors_info=”{}”][\/et_pb_blurb][et_pb_blurb title=”Or just not look right? Misspellings, odd language, strange email address.” use_icon=”on” font_icon=”\||divi||400″ icon_color=”#cc6633″ icon_placement=”left” admin_label=”Blurb – Or just” _builder_version=”4.25.0″ _module_preset=”default” animation_style=”fade” animation_delay=”1000ms” global_colors_info=”{}”][\/et_pb_blurb][et_pb_text admin_label=”If it does” _builder_version=”4.25.0″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” vertical_offset_tablet=”0″ horizontal_offset_tablet=”0″ hover_enabled=”0″ z_index_tablet=”0″ text_text_shadow_horizontal_length_tablet=”0px” text_text_shadow_vertical_length_tablet=”0px” text_text_shadow_blur_strength_tablet=”1px” link_text_shadow_horizontal_length_tablet=”0px” link_text_shadow_vertical_length_tablet=”0px” link_text_shadow_blur_strength_tablet=”1px” ul_text_shadow_horizontal_length_tablet=”0px” ul_text_shadow_vertical_length_tablet=”0px” ul_text_shadow_blur_strength_tablet=”1px” ol_text_shadow_horizontal_length_tablet=”0px” ol_text_shadow_vertical_length_tablet=”0px” ol_text_shadow_blur_strength_tablet=”1px” quote_text_shadow_horizontal_length_tablet=”0px” quote_text_shadow_vertical_length_tablet=”0px” quote_text_shadow_blur_strength_tablet=”1px” header_text_shadow_horizontal_length_tablet=”0px” header_text_shadow_vertical_length_tablet=”0px” header_text_shadow_blur_strength_tablet=”1px” header_2_text_shadow_horizontal_length_tablet=”0px” header_2_text_shadow_vertical_length_tablet=”0px” header_2_text_shadow_blur_strength_tablet=”1px” header_3_text_shadow_horizontal_length_tablet=”0px” header_3_text_shadow_vertical_length_tablet=”0px” header_3_text_shadow_blur_strength_tablet=”1px” header_4_text_shadow_horizontal_length_tablet=”0px” header_4_text_shadow_vertical_length_tablet=”0px” header_4_text_shadow_blur_strength_tablet=”1px” header_5_text_shadow_horizontal_length_tablet=”0px” header_5_text_shadow_vertical_length_tablet=”0px” header_5_text_shadow_blur_strength_tablet=”1px” header_6_text_shadow_horizontal_length_tablet=”0px” header_6_text_shadow_vertical_length_tablet=”0px” header_6_text_shadow_blur_strength_tablet=”1px” box_shadow_horizontal_tablet=”0px” box_shadow_vertical_tablet=”0px” box_shadow_blur_tablet=”40px” box_shadow_spread_tablet=”0px” use_border_color=”off” border_color=”#ffffff” border_style=”solid” global_colors_info=”{}” sticky_enabled=”0″]<\/p>\n

If it does, do with it what you would do with any bad fish \u2013 trash it and\/or report it. Most good IT managers have a way to report phishy emails.<\/span>\u00a0<\/span><\/p>\n

Update software.<\/span><\/strong>Software companies update their products for several reasons, and one is to keep them and their users safe. That\u2019s why it\u2019s always important to update whenever asked, although only download updates if they come from your provider. They can contain malware and viruses just like any phishing product.<\/span>\u00a0<\/span><\/p>\n

Point of sale and retail management software providers often offer services to manage their products and make life easier for their customers.\u00a0<\/span>\u00a0<\/span><\/p>\n

Updates are often required to maintain PCI compliance which keeps stores operating safely.<\/span>\u00a0<\/span><\/p>\n

\u201cWindows\u00a0<\/span>u<\/span>pdates are extremely important. If users\u00a0<\/span>don\u2019t<\/span>\u00a0update their software regularly,\u00a0<\/span>they\u2019re<\/span>\u00a0just making it easier for\u00a0<\/span>bad guys to get in there and do something,\u201d says Brandon Hays, Managed Services Lead for\u00a0Paladin Data Corporation<\/a>, a leading provider of retail management<\/span>\u00a0software solutions. \u201cThat said, Windows updates is set to auto<\/span>matically install by default. That means\u00a0<\/span>it\u2019s<\/span>\u00a0going to install whenever it wants\u00a0<\/span>to,<\/span>\u00a0and it requires a reboot to complete the installation.<\/span><\/span><\/p>\n

\u201cIf a store is in the mi<\/span>ddle of ringing up a sale and\u00a0<\/span>there\u2019s<\/span>\u00a010 people in line and the server decides to start a Windows update, that store goes down<\/span>\u00a0until the update is complete<\/span>.<\/span>\u00a0That\u2019s<\/span>\u00a0why we introduced Paladin Managed Updates\u2122. We have a solution to control Windows updates in a way that\u00a0<\/span>it\u2019s<\/span>\u00a0not interfering with business operations.<\/span>\u201d<\/span><\/span>\u00a0<\/span><\/p>\n

Managed Updates\u2122 is a product that verifies and tests software updates and either blocks them, if they can\u2019t be verified, or schedules them for downloads after business hours. This prevents distracting update popup messages from slowing down business operations.<\/span>\u00a0<\/span><\/p>\n

[\/et_pb_text][et_pb_text admin_label=”Low tech” _builder_version=”4.25.0″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” vertical_offset_tablet=”0″ horizontal_offset_tablet=”0″ z_index_tablet=”0″ text_text_shadow_horizontal_length_tablet=”0px” text_text_shadow_vertical_length_tablet=”0px” text_text_shadow_blur_strength_tablet=”1px” link_text_shadow_horizontal_length_tablet=”0px” link_text_shadow_vertical_length_tablet=”0px” link_text_shadow_blur_strength_tablet=”1px” ul_text_shadow_horizontal_length_tablet=”0px” ul_text_shadow_vertical_length_tablet=”0px” ul_text_shadow_blur_strength_tablet=”1px” ol_text_shadow_horizontal_length_tablet=”0px” ol_text_shadow_vertical_length_tablet=”0px” ol_text_shadow_blur_strength_tablet=”1px” quote_text_shadow_horizontal_length_tablet=”0px” quote_text_shadow_vertical_length_tablet=”0px” quote_text_shadow_blur_strength_tablet=”1px” header_text_shadow_horizontal_length_tablet=”0px” header_text_shadow_vertical_length_tablet=”0px” header_text_shadow_blur_strength_tablet=”1px” header_2_text_shadow_horizontal_length_tablet=”0px” header_2_text_shadow_vertical_length_tablet=”0px” header_2_text_shadow_blur_strength_tablet=”1px” header_3_text_shadow_horizontal_length_tablet=”0px” header_3_text_shadow_vertical_length_tablet=”0px” header_3_text_shadow_blur_strength_tablet=”1px” header_4_text_shadow_horizontal_length_tablet=”0px” header_4_text_shadow_vertical_length_tablet=”0px” header_4_text_shadow_blur_strength_tablet=”1px” header_5_text_shadow_horizontal_length_tablet=”0px” header_5_text_shadow_vertical_length_tablet=”0px” header_5_text_shadow_blur_strength_tablet=”1px” header_6_text_shadow_horizontal_length_tablet=”0px” header_6_text_shadow_vertical_length_tablet=”0px” header_6_text_shadow_blur_strength_tablet=”1px” box_shadow_horizontal_tablet=”0px” box_shadow_vertical_tablet=”0px” box_shadow_blur_tablet=”40px” box_shadow_spread_tablet=”0px” use_border_color=”off” border_color=”#ffffff” border_style=”solid” global_colors_info=”{}”]<\/p>\n

LOW TECH ATTACKS, HIGH QUALITY RESPONSE<\/h3>\n

Not every cyberattack requires a team of coders or loads of technical knowledge. Anyone with a phone, a little bit of research, some knowledge of protocols, and a little bit of audacity can gain access to a business\u2019s network.<\/span>\u00a0<\/span><\/p>\n

Earlier this year, one hardware store received a call from a person who claimed to be with the company that provided his store\u2019s technical support. The caller said he was responding to a help request and asked for the store\u2019s support credentials and password. If the employee had surrendered that information, the caller, using a remote monitoring and management program, would have gained access to the store\u2019s network where they could have turned that business upside down.<\/span>\u00a0<\/span><\/p>\n

Luckily for the store, the astute employee was suspicious that a support technician would need that kind of information. He phoned his store\u2019s technology provider to find out if there was any kind of support request. He found out there were no outstanding help requests and, in doing so, saved his store a big headache that could have ended in lost data or worse.<\/span>\u00a0<\/span><\/p>\n

\u201cMost of our clients are small, independent business owners. They have just a few computer terminals. They\u00a0<\/span>don\u2019t<\/span>\u00a0have enough resources for an IT departm<\/span>ent, which covers antivirus, backup solutions, and general network management.\u00a0<\/span>That\u2019s<\/span>\u00a0where we can help.\u00a0<\/span>We\u2019re<\/span>\u00a0the IT guys. Our Managed Services handles those ch<\/span>ores for these businesses, plus we take care of their point-of-sale software and system,\u201d Hays explains.<\/span><\/span>\u00a0<\/span><\/p>\n

This story is proof that a little bit of skepticism about everything from answering a phone call to responding to an email is a good thing. It\u2019s also proof that a relatively new category of cybercrime \u2013 social engineering \u2013 is spreading like a virus.<\/span>\u00a0<\/span><\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text admin_label=”Author” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” use_border_color=”off” border_color=”#ffffff” border_style=”solid” global_colors_info=”{}”]<\/p>\n

brian bullock\u00a0<\/span><\/h3>\n

Author<\/span> [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

Because of the amount of customer data retailers collect, stores have become the No. 1 target of cybercriminals using social engineering.<\/p>\n","protected":false},"author":13,"featured_media":29558,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"
\"Images<\/td><\/tr><\/tbody><\/table>

\u00a0<\/h2>

Retail is a Choice Target for Social Engineering<\/h1>

by Brian Bullock | September 29, 2023<\/span><\/b><\/span><\/p>

Dutch industrialist Jacob Cornelis van Marken coined the term \u201cSocial Engineering\u201d back in the 1890s when he was describing work being done to \u201cimprove what was amiss in the world.\u201d Nearly 150 years later, social engineering now describes something completely different. It\u2019s the way cybercriminals try to manipulate people to steal information, data and money from businesses and organizations of all sizes and retail stores are among their prized targets.<\/span>\u00a0<\/span><\/p>

Fortinet, a global leader in cybersecurity, says that because of the sheer amount of customer data retail businesses collect, stores have become the No. 1 target of cybercriminals. Data from Trend Micro, a leading provider of antivirus services, shows that <\/span>77% of retail organizations were hit by ransomware in 2021<\/span><\/a>, an increase of 33% over the previous year.<\/span>\u00a0<\/span><\/p>

Payment card data is the new currency, which is what retailers small to large have in abundance.<\/span>\u00a0<\/span><\/p>

Cybersecurity is a popular topic, especially in October because it\u2019s traditionally Cybersecurity Awareness Month and 2023 marks the 20<\/span>th<\/span> anniversary of its creation.<\/span>\u00a0<\/span><\/p>

Pandemic hangover<\/span><\/b>\u00a0<\/span><\/h2>

It\u2019s hard to put all the blame on the COVID-19 pandemic for retail\u2019s problem with cybersecurity. Certainly, it was an issue well before 2020. But when businesses were forced to close their brick-and-mortar stores, they had to find another way to make sales, and e-commerce launched like a rocket.<\/span>\u00a0<\/span><\/p>

Web store sales and the subsequent increase in credit and payment card transactions enlarged every store\u2019s digital footprint, and the bigger the digital footprint, the easier it is to stub a toe.\u00a0<\/span>\u00a0<\/span><\/p>

Social engineering is socially unacceptable\u00a0<\/span><\/b>\u00a0<\/span><\/h2>

So now, the definition of social engineering has changed. Carnegie Mellon University defines it as \u201cthe tactic of manipulating, influencing, or deceiving a victim to gain control over a computer system, or to steal personal and financial information. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.\u201d<\/span>\u00a0<\/span><\/p>

The perpetrators, either through emails or phone calls, impersonate someone, often a security provider or contractor, to gain access to their victim\u2019s business network. These pretexts can include:<\/span>\u00a0<\/span><\/p>

Phishing<\/b><\/span> \u2013 emails, texts, or phone calls attempting to obtain information such as computer usernames or passwords.<\/span>\u00a0<\/span><\/p>

Baiting<\/b><\/span> \u2013 a type of attack that involves a scammer using a false promise to get victims into opening malicious attachments or visiting false websites.<\/span>\u00a0<\/span><\/p>

Scareware<\/b><\/span> \u2013 involves convincing victims that their computers or networks are already infected with malware to gain access.<\/span>\u00a0<\/span><\/p>

The 2023 Verizon Data Breach Investigation Report shows that these kinds of attacks have nearly doubled over the past few years and now represent more than half of all incidents. Of them:<\/span><\/p>