Greg's Corner

Tagged: social engineering Toggle Comment Threads | Keyboard Shortcuts

• 

  Geebo 8:34 am on September 18, 2023 Permalink | Reply
  Tags: cyberattack, cybersecurity ( 34 ), MGM Resorts, ransomware ( 11 ), Scams ( 1,225 ), social engineering   

  What does the MGM casino cyberattack mean to you? 

  

  By Greg Collier

  When we think of someone stealing from a casino, we may think of someone cheating at the tables. Or we may think of one of the famous heist movies like Ocean’s Eleven, whether it’s the Frank Sinatra or the George Clooney version. What we probably don’t think about is a chain of Las Vegas casinos being held hostage by hackers after a ten-minute phone call. Unfortunately, that’s what appears to have happened to the casinos owned by MGM Resorts this past week.

  While MGM themselves are being tight-lipped about the situation, it seems that a hacker collective found an upper management employee of MGM Resorts on LinkedIn. The hackers then posed as this employee and called MGM’s IT help desk. While speaking with the person at the help desk for only ten minutes, the hackers were able to obtain the information needed to access MGM Resorts’ internal computer systems.

  Once the hackers had the keys to the kingdom, so to speak, they infected MGM’s systems with ransomware. For the next few days, MGM Resorts had to shut down many of its systems, which greatly affected their business. Slot machines were inoperable, and the hotels could not issue electronic room keys to guests, just to name a few of the problems. The casinos even had to revert to giving out handwritten receipts to some of its winners.

  MGM has stated they will not give in to the hackers’ demands.

  So what does MGM’s trouble’s mean to the average consumer? Well, this kind of impersonation attack is known as social engineering and can be used in a multitude of scams. Social engineering is a form of manipulation and psychological persuasion that is often used for malicious purposes. It involves exploiting human psychology and social interactions to trick individuals or groups into divulging confidential information, granting access to restricted areas, or performing actions that may compromise security.

  If social engineering can be used against a multi-billion dollar corporation, it can be used and be successful against anyone. Protecting oneself from social engineering attacks involves a combination of awareness, skepticism, and proactive measures.

  Always verify requests for sensitive information, access, or actions, especially if they come via email, phone calls, or in-person interactions. Use trusted contact information to confirm the legitimacy of the request with the supposed authority or organization.

  Be cautious of unsolicited communications from unknown or unexpected sources. Verify the identity of the person or organization before sharing sensitive information or complying with their requests.

  By adopting these practices and fostering a security-conscious mindset, individuals can significantly reduce their vulnerability to social engineering attacks and help protect their personal and organizational assets.

   

  Leave a ReplyCancel reply
• 

  Geebo 8:00 am on October 18, 2022 Permalink | Reply
  Tags: phone scam ( 45 ), Scams ( 1,225 ), sim swapping ( 8 ), social engineering, two factor authentication ( 17 ), Zelle ( 62 )   

  This phone scam could steal your life 

  

  By Greg Collier

  How much of a panic would you be in if you lost your phone? Can your personal or business email accounts be accessed through your phone? Is your phone locked with a PIN or password? Or is it secured using a fingerprint or facial ID? Do you have banking apps that require a PIN or fingerprint to access? Could any random stranger just pick up your phone and start accessing your money and information? Even if your phone is completely locked down and secure from physical access by outsiders, there’s still a way you can lose all access to your phone without actually losing your phone.

  There is a scam out there that most mobile phones are vulnerable to, and it’s known as SIM-swapping. The name SIM-swapping is a misnomer, since physical access to your phone’s SIM card is not necessary. SIM-swapping works when scammers or identity thieves contact your mobile phone carrier and pose as you. The scammer will use information they’ve found out about you to convince the phone carrier they are you. This is known as social engineering.

  Once the scammer convinces the phone carrier that they’re you, they’ll have the phone company switch your service from your phone to theirs. As soon as that happens, the scammers have direct access to your phone number and text messages. Since most of us who use two-factor authentication have the authorization codes sent to our text messages, the scammers can then access any number of your personal accounts, including your financial accounts.

  This recently happened to a victim from Tennessee. She had received a text message from her carrier indicating a change on her account before her phone service went completely dead. She called her carrier, and another name had been added to the account. By the time she had her service restored, scammers had transferred thousands out of her bank account through the Zelle app.

  There are ways to protect yourself from SIM-swapping. One way is to use an authenticator app instead of using text messages for your two-factor authentication. Authenticator apps are tied to the device instead of being tied to a phone number. Also, when filling out your security questions for online accounts, don’t give the correct answers. Information like your high school mascot or your pet’s name can be discovered on your social media. Lastly, you can contact your carrier and tell them not to allow any device switching on your account. However, to get your account unfrozen, you may have to visit your carrier’s store with your ID.