How to Protect Yourself From Tailgating Attacks

Holding the door for someone might open the way to a cyberattack. For anyone who works in a secure building or workplace, they might want to rethink that courtesy. The hackers and thieves behind piggybacking and tailgating attacks count on it. 

Piggyback and tailgating attacks occur when an unauthorized person gains access to a restricted workplace, one that requires some form of ID to enter. While quite similar, these attacks have an important difference: 

• Piggybacking occurs when a person knowingly allows an unauthorized person into a restricted location—such as holding a secured door open for them. 
• Tailgating occurs when an unauthorized person slips into a restricted area without someone knowing—perhaps because someone left a secured door ajar. 

In both cases, these unauthorized entries can put businesses and organizations at risk. They give potential bad actors all kinds of access to sensitive information and devices.  

Trade secrets get stolen this way, as does customer information. In yet more malicious cases, bad actors might gain entry with the intent of sabotaging technology or hijacking a network. And of course, bad actors might do harm to people or property. 

Businesses and organizations that find themselves at risk include those that: 

• Have many employees, often moving inside and out of the premises. 
• Have multiple entrance points into a building. 
• Receive deliveries of food, packages, and documents regularly. 
• Employ a sizable number of subcontractors. 
• Lack training in physical and cybersecurity protocols. 

Different businesses and organizations have different forms of security in place. You might be among the many who use a smart badge or some form of biometric security to enter a building or certain areas within a building. 

However, determined bad actors will look for ways around these measures. With piggyback and tailgating attacks, it’s far easier for them to follow someone into a workplace than it is to break into a workplace. 

Common types of piggybacking and tailgating attacks 

Bad actors will simply walk in when someone holds the door for them. It’s as simple as that. Additionally, they’ll try several different tricks by: 

• Posing as a delivery driver bringing in packages or food. 
• Claiming they work in the building and that they left their ID at home. 
• Carrying a bulky load of boxes and hoping you’ll open the door to help. 
• Disguising themselves as a vendor, like a service worker or IT consultant. 
• Similarly, disguising themselves as an executive or V.I.P. who’s in a hurry. 

In all, piggybacking and tailgating attacks rely on social engineering—playing off people’s innate courtesy, willingness to help, or even discomfort with conflict. Essentially, the attacker manipulates human nature. 

How to prevent piggybacking and tailgating attacks 

A good portion of prevention falls on the owner of the building, whether that’s a business, organization, or a landlord. It falls on them to install security hardpoints like badge scanners, keypad locks, biometric scanners, and so on to keep the property secure. Moreover, employers owe it to themselves and their employees to train them on security measures.  

Yet you can take further steps to prevent a piggybacking or tailgating attack on your workplace. Some steps include: 

• Don’t hold the door for anyone you don’t recognize as an employee. 
• Direct strangers who appear lost to a reception area. 
• Always close secure doors and ensure they lock. 
• Report any issues with a secure door, such as if it doesn’t close properly or closes too slowly. 

Also consider the security of your devices or any other sensitive information you work with. If a bad actor slips into your workplace, you can take other steps to prevent theft or damage. 

• Use a lock screen on your computer to prevent access to networks and files. 
• Consider tethering your laptop to your desk with a laptop lock to prevent grab-and-run theft. 
• Securely store any printed materials.  
• Keep your personal items on your person, like your keys, smartphone, and other valuables. 

Don’t hold the door 

Some aspects of piggybacking and tailgating prevention seem like they go against our better nature. We want to be kind, helpful, and sometimes we’d simply rather avoid confrontation. Again, piggybackers and tailgaters count on that. Yet a door is only as secure as the person who uses it—or who opens it for someone else.  

The post How to Protect Yourself From Tailgating Attacks appeared first on McAfee Blog.

What Is Smishing and Vishing, and How Do You Protect Yourself?

Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis. 

Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself. 

This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data. 

What is smishing?

Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing? 

Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages. 

Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware. 

Examples of a smishing text message

Here are some examples of smishing text messages hackers use to steal your personal details: 

• “We have detected unusual activity on your account. Please call this number to speak to a customer service representative.” 
• “You have won a free gift card! Click here to claim your prize.” 
• “Hi! We noticed that you’re a recent customer of ours. To finish setting up your account, please click this link and enter your personal information.” 
• “Urgent! Your bank account has been compromised. Please click this link to reset your password and prevent any further fraud.” 
• “Hey, it’s [person you know]! I’m in a bit of a bind and could really use your help. I sent you a link to my PayPal, could you send me some money?” 

How dangerous can smishing be?

If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.  

For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account. 

How can you protect yourself from smishing?

Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself. 

Recognize the signs of a smishing text

One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips: 

• Be suspicious of any text messages that ask for personal information or include a link. 
• Look closely at the sender’s name and number. Fraudulent messages often come from spoofed numbers that may look similar to a legitimate number but with one or two digits off. 
• Look for errors in spelling or grammar. This can be another sign that the message is not legitimate. 
• Beware of any text messages that create a sense of urgency or are threatening in nature. Scammers often use these tactics to get you to act quickly without thinking. 
• If you’re not expecting a message from the sender, be extra cautious. 
• If you’re unsure whether a text message is legitimate, call the company or organization directly to verify. 

Filter unknown text messages

While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links. 

To set up spam filters on your iPhone: 

1. Go to the Settings App 
2. Go to Messages 
3. Find the Filter Unknown Senders option and turn it on 

To set up spam filters on your Android mobile device: 

1. Go to the Messaging App 
2. Choose Settings 
3. Tap Spam Protection and turn on Enable Spam Protection 

Use McAfee Mobile Security 

McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones. 

One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches. 

Other benefits include: 

• Antivirus 
• Secure VPN for privacy online 
• Identity monitoring for up to 10 emails 
• Guard your identity against risky Wi-Fi connections 
• Safe browsing 
• System Scan for the latest updates 

Keep your device and information secure with McAfee Mobile Security

These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important. 

McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.  

Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure. 

So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected. 

The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.