Social Engineering Scams Are The Easiest Way to Hack Into Your Mac

Posted on by Tim Hannon in Computer Basics, Security/Privacy

You are the weakest link in your computer’s security! Please keep reading this important Tech Tip. If you’re not already aware of this fact, I hate to be the bearer of bad news, but the easiest way for a hacker to get into your Mac is through you. Tricking you into divulging information, installing software or giving remote access to your Mac is the easiest way to break in to your Mac. Tricking you is often called social engineering.

Please watch for social engineering scams. They most commonly occur via email or telephone, but they can also occur in-person. Let’s start by looking at the Computer Desktop Encyclopedia’s definition of Social Engineering:

Using deception to obtain confidential information from someone by phone or in person. For example, “social engineers” may persuade someone to reveal an ID or password for a supposed benign purpose (“my computer is down, can I use yours in the meantime”). They can even walk in off the street and pretend to be from IT doing a routine inspection.

Sometimes, a combination of social engineering and hacker skills are used to steal information. However, no matter how secure a network may be, the “con” played by the social engineer is often the most effective way to break in.
Outside the computer world, social engineering means to influence attitudes and behaviors.

My clients tend to wonder what security software they should install on their Macs to protect their Mac. While I recommend MalwareBytes for Mac and Sophos Anti-Virus, both of these applications will only detect bad software, called malware, after it has been installed. All malware that I’ve seen on Macs over the past 2 years has been installed by the user themselves. Thus, these users all fell victim to social engineering. They might have been tricked by a fake Adobe Flash installer or by a bogus alert while viewing web pages or by clicking on a link in an email.

Social engineering-type attacks that occur via email are called phishing scams. Phishing is pronounced fishing. A phishing email might appear to be from a bank you use or from Apple. These emails will likely contain links asking you to fill in a form. If you did this then you would end up divulging personal information. Read my older Tech Tip to learn how to detect bogus emails.

You can learn how to avoid social engineering phone scams by reading another one of my Tech Tips.

Recommendations

To avoid being the weakest link educate yourself by reading this Tech Tip and the other tips that I list in this article.  Then, be ever vigilant when using your Mac. Be especially cautious when clicking on any link in an email. When installing software make sure you know that the software installer comes from a trusted web site. Next, protect your Mac by having at least one full backup of your Mac, created by Apple’s Time Machine backup application. If your Mac were to be infected by a nasty type of malware, called Ransomware, then we could regain control of your Mac by erasing your Mac and restoring everything from your Time Machine backup.

Please consider sending this article on to your friends and family to help educate them.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.