Orion Matthews
Orion Matthews

The world is full of cybercriminals. They penetrate complicated data structures of huge credit-monitoring companies like Equifax and snatch personal information from millions of people. They release sensitive customer data from discreet businesses like Ashley Madison to the public. They spy on celebrities through webcams, lockdown public utility systems like the German railway, and steal thousands of gigabytes of information from high-profile government entities like the CIA.

Cybercriminals also target small businesses like yours — and extort them for thousands of dollars. Having a dedicated security team equipped with the most up-to-date technology is critical — but it’s not enough. You must stay informed.

So, let’s take a look at the five most common ways cybercriminals infiltrate a network.



Phishing is an age-old cybercrime. If you’ve ever received an email from a “Nigerian prince” asking for money, you’ve been targeted with a phishing scam.

Most phishing scams work like this: You receive an email from a “high-ranking employee” with whom you’ve been working on a project. The email instructs you to click on a link so the sender can access “vital information” for the project.

When you click on the link, it rapidly installs malware on your computer which spreads through your network and locks out everyone in the company.

While most phishing emails are easy to spot, they’re becoming increasingly sophisticated. As Thomas Peters writes for “Newsweek,” “The best messages look like they’re trying to protect the company.”

For example, one well-meaning system administrator opened a PDF titled, “How to Avoid a Phishing Attack.” It spread malware to the company server! How’s that for irony?


Social engineering is a type of hacking that uses real people to carry out an attack, rather than intricate lines of code.

Social engineers call you pretending they’re someone else and try to get emails, passwords, and other information from you that they can later use for an attack.

So what does social engineering look like? Here’s an example: Your IT guy receives a call from the “secretary” of one of your clients. She says she’s experiencing problems with your service due to a firewall.

Convinced, your IT professional alters the firewall to accommodate the “secretary.” Before you know it, a cybercriminal has access to your entire security system or lack thereof.


Despite your best efforts, it doesn’t take much for a cybercriminal to obtain company passwords.

Hackers are great at guessing easy passwords, but even clever and complicated ones filled with exclamation points and random numbers are accessible too.

Do you know those “security” questions that allow you to reset a password? Like, “What was the name of your first dog?” or “When is your anniversary?” Cybercriminals can easily find answers to those through social engineering or social media and hack into business-critical accounts.


Fault injection is when sophisticated hackers scan your business’s network or software source code for weak points.

Once located, hackers target weak points to deliver viruses, redirect website links to malware and crash your system.


Some hackers hand out USB sticks with malware on them in hopes you’ll stick one into your computer. Be wary of the USB sticks you’re handed at conferences or other industry events. Never use a USB stick if you don’t know its origin.

So with so many cyber threats out there, how do you protect yourself?

Knowing the strategies hackers deploy is only half the battle. Cybercrime techniques are constantly changing — it’s impossible to keep up by yourself.

 At Queryon, we want to help. Let’s talk!

Other Articles