The National Cybersecurity and Communications Integration Center (NCCIC) recently released information on a security threat facing Managed Service Providers and their customers.
It starts with a phone call. A hacker will call your receptionist or front desk employee, claiming to be from a local business in search of a new MSP or IT Provider. They will then ask who your company uses and if you recommend them. After some chit chat, the hacker will politely hang up. The hacker will then take the information they were provided and use social media outlets such as LinkedIn or Facebook to gather information on your company’s personnel.
Using the online tools available to them, the hacker collects as much information on your employees, company, and your Managed Service or IT Provider as possible. They will call back the following day and identify themselves as a representative from your provider. Next, they will ask to speak to someone specific, a person they have researched as being a manager, owner, or network administrator in your company who will have permissions to your computer system. Once they get through, the hacker will ask for remote access to a computer to “apply some updates”. The manager will probably find nothing unusual with the call, as they are used to speaking with many different people from their Managed Service Provider. The hacker will professionally and apologetically explain that, “Our normal remote access system is down, and I can call you back when you leave for lunch today. When would that be?”. The manager may agree and give the hacker control of their system. Just like that, the entire business could be compromised.
The ability to blend in like this makes hackers faster, smarter, and far more dangerous. When it comes to vendors, remember these three tips and help keep your business safe:
- Educate your team on the threat.
- Never give out information about any vendors you use, IT Provider or otherwise, unless you are positive of who you are speaking with.
- Call your IT Provider to verify that a request for remote access is legitimate if you are unsure.
As always, employee education is the most important step to ensure business security. If you have any questions about this or other security threats, contact the World Synergy help desk at 833.482.8474. To view the full details on this security alert from the NCCIC, click here.