Social Engineering: The Human Hack

Jul 13, 2026

Cybercriminals often target people rather than technology. This is called social engineering. Social engineering attacks trick people into disclosing sensitive information, downloading harmful software, visiting unsafe websites, sending money to criminals, or making other errors that put their personal or organizational security at risk, according to IBM.

These attacks can also serve as the first step to a larger-scale cyberattack, with the cybercriminal convincing the victim to share a username and password, and then use that information to install ransomware on a store network or computer. 

A caller may claim to be from corporate headquarters, a vendor, or technical support. An email may appear to come from a trusted source. In each case, the attack depends on an employee acting before verifying the request.

For example, several IGA stores have reported receiving a call from an IGA district manager named Ron Williams (who does not exist) concerning an upcoming FDA inspection. During the call, this person asks for a compliance payment over the phone. 

Please train your employees to slow down, ask questions, and follow established procedures, as this practice remains one of the most effective cybersecurity controls available. Remind employees to never issue payments over the phone that have not been authorized directly from the store owner, no matter how "important" the caller makes it seem.

3 Takeaways
  1. Be suspicious of urgent requests demanding immediate action.
  2. Verify identities before sharing information or granting access.
  3. Encourage employees to ask questions when something feels unusual.

You May Also Like

These Stories on From the Desk of

Subscribe by Email

No Comments Yet

Let us know what you think