opinion

Beware of Social Engineering Hacks

In case you’ve never heard of social engineering hacks, they are cyberattacks that prey on individual people. The intent is to get victims to divulge private information or take actions, precisely planned by the attacker, that will lead to a security breach. Social engineering hacks can be as damaging to you personally as they are to your business or website. For example, if your hosting account is infiltrated, attackers can hijack your servers to profit from sending spam, mining crypto or victimizing others, while you pay the bill.

As insidious as that sounds, such “hacks” have less to do with the technology side than you might think. In fact, most people simply call such attackers “scammers” because they frequently impersonate people or companies and incite fear or urgency to get what they want. Sound familiar? Maybe you’ve been bombarded with fake support calls supposedly from big companies like Microsoft and Amazon, or threatening calls claiming to be from the IRS, banks or credit card companies. These are all social engineering hacks.

Phishing emails are one of the most common examples. Everyone has seen these; they appear in your inbox as “warning” emails or notices purporting to be from a legitimate company. You’re often prompted to enter your username and password by clicking a link, only to find out they don’t work. That is because the website on the other end of the link is fake; it isn’t possible to log in even if the password is correct. Instead, what has happened is that you’ve given your credentials to a hacker, who then will try to access your account with the exact details you’ve just provided. To make matters worse, the first thing most people do when their password doesn’t work is input other passwords they commonly use, thereby giving a hacker even more data to work with.

Whenever you hear someone say they’ve “been hacked,” it triggers visions of someone wearing a black hoodie sitting in front of a laptop in a dark room late at night, banging away at a keyboard and finding ways into your accounts. But most hacking doesn’t involve fancy keyboard wizardry. It is much easier for attackers to trick you into giving them what they want.

Social engineering hacks are predicated on trust and poor due diligence. If you’ve ever been annoyed by real banks or credit card companies frequently and rigorously verifying your account when you call, you’ve experienced good diligence. The reason these organizations ask you security questions before talking to you about your account is to thwart social engineering hacks.

The infamous John McAfee of McAfee Antivirus once stated that, as a hacker, he used social engineering more than anything else to compromise systems. He said that 75% of the average hacker’s toolkit was social engineering tactics, and the most successful hackers use them 90% of the time. In an interview with Business Insider about how he might hack the Pentagon, McAfee explained, “You want to find the weakest link.” After all, we are all fallible humans and can fall for tricks.

The good news is that your highly firewalled and fortified hosting environments are not the weakest link. Often, the weak link is sloppily written custom software — or the person holding the keys, as in the case of the LastPass hacking debacle. In the LastPass data breach, a DevOps engineer’s home computer was targeted directly, and attackers exploited a vulnerable piece of third-party software — Plex Media Server — that had not been patched. Plex had issued a patch for the bug years earlier, but it was never installed on the victim’s machine. Oops.

You may ask yourself, “If social engineering hacks are so effective, how can I protect myself?” The answer is simple: Trust is earned, not given.

These hacks only work when you let them. Remember, any strange experience you encounter throughout your day could be some scam or attack. It is impossible to learn and know every particular scam there is because they change all the time. Often, these hacks are the same basic scam, just repackaged a little differently.

The best way to spot social engineering attacks and scams is to know how real organizations like banks or credit card companies verify your identity, and what email addresses and website domains should appear in their emails. It isn’t hard to check the “from” email address to see if the domain of the sender’s email is wrong or if the link in the email body goes to some random website rather than to your bank. It may seem counterintuitive, but when Secret Service agents are trained to spot counterfeiting, they focus more on what real money looks like because every counterfeit is different. Ultimately, you can always directly call any company you deal with if you need assurance via email or phone. Most customer service agents are trained to tell you to do this if you’re unsure it is really them calling.
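The sender and link check described above can be automated. The following Python sketch is an added example, not part of the original article; the trusted domain `bank.example`, the lookalike domains and the sample message are all constructed placeholders. It flags a “from” address or link whose domain merely contains the bank’s name instead of actually belonging to it.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and domain here is a placeholder.
SAMPLE = """\
From: "Example Bank Support" <alerts@bank.example.account-verify.test>
To: customer@example.org
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<p>Your account is locked. <a href="https://bank.example.login.test/verify">
https://bank.example/verify</a> or visit
<a href="https://www.bank.example/help">our help page</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def belongs_to(host, trusted):
    """True only if host is the trusted domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_message(raw, trusted):
    """Return a list of findings: sender or link hosts outside `trusted`."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not belongs_to(sender_domain, trusted):
        findings.append(("from", sender_domain))
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        # Judge the real destination (href), not the text shown to the reader.
        host = urlsplit(href).hostname
        if not belongs_to(host, trusted):
            findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, host in check_message(SAMPLE, "bank.example"):
        print(f"suspicious {kind} domain: {host}")
```

The first link displays the bank’s real address as its text while pointing somewhere else, which is why the check reads the `href` and matches on the end of the hostname rather than searching for the bank’s name anywhere in it.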

On top of that, the massive acceleration in artificial intelligence is making it even harder to truly know what is fake or real. There is already sophisticated software for making deepfake photos, videos and audio. AI has given hackers new tools to proliferate their attacks worldwide, and nobody is safe from it. Don’t let your guard down.

As I said during my keynote at XBIZ LA in January, it is vital to hold ourselves to a higher standard because we are the adult industry. There is a responsibility to be more vigilant because of the sensitivity of our business niche. Imagine the damaging information to be exploited from a performer’s computer if compromised. Imagine the life-ruining account details and data that could be gleaned from a porn paysite or creator platform’s user database. These attack vectors are severe and frightening, and it is critical to avoid half measures.

Brad Mitchell is the founder of MojoHost, which has served the industry for nearly two decades and has been named XBIZ Web Host of the Year several times. He regularly shares insights as a panelist at trade shows. Contact brad@mojohost.com to learn more about the suite of services his company offers.

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.
