opinion

Beware of Social Engineering Hacks

Beware of Social Engineering Hacks

In case you’ve never heard of social engineering hacks, they are cyberattacks that prey on individual people. The intent is to get victims to divulge private information or take actions, precisely planned by the attacker, that will lead to a security breach. Social engineering hacks can be as damaging to you personally as they are to your business or website. For example, if your hosting account is infiltrated, attackers can hijack your servers to profit from sending spam, mining crypto or victimizing others, while you pay the bill.

As insidious as that sounds, such “hacks” have less to do the technology side than you might think. In fact, most people simply call such attackers “scammers” because they frequently impersonate people or companies and incite fear or urgency to get what they want. Sound familiar? Maybe you’ve been bombarded with fake support calls supposedly from big companies like Microsoft and Amazon, or threatening calls claiming to be from the IRS, banks or credit card companies. These are all social engineering hacks.

These hacks only work when you let them. Remember, any strange experience you encounter throughout your day could be some scam or attack.

Phishing emails are one of the most common examples. Everyone has seen these; they appear in your inbox as “warning” emails or notices purporting to be from a legitimate company. You’re often prompted to enter your username and password by clicking a link, only to find out they don’t work. That is because the website on the other end of the link is fake; it isn’t possible to log in even if the password is correct. Instead, what has happened is that you’ve given your credentials to a hacker, who then will try to access your account with the exact details you’ve just provided. To make matters worse, the first thing most people do when their password doesn’t work is input other passwords they commonly use, thereby giving a hacker even more data to work with.

Whenever you hear someone say they’ve “been hacked,” it triggers visions of someone wearing a black hoodie sitting in front of a laptop in a dark room late at night, banging away at a keyboard and finding ways into your accounts. But most hacking doesn’t involve fancy keyboard wizardry. It is much easier for attackers to trick you into giving them what they want.

Social engineering hacks are predicated on trust and poor due diligence. If you’ve ever been annoyed by real banks or credit card companies frequently and rigorously verifying your account when you call, you’ve experienced good diligence. The reason these organizations ask you security questions before talking to you about your account is to thwart social engineering hacks.

The infamous John McAfee of McAfee Antivirus once stated that, as a hacker, he used social engineering more than anything else to compromise systems. He said that 75% of the average hacker’s toolkit was social engineering tactics, and the most successful hackers use them 90% of the time. In an interview with Business Insider about how he might hack the Pentagon, McAfee explained, “You want to find the weakest link.” After all, we are all fallible humans and can fall for tricks.

The good news is that your highly firewalled and fortified hosting environments are not the weakest link. Often, the weak link is sloppily written custom software — or the person holding the keys, as in the case of the LastPass hacking debacle. In the LastPass data breach, a DevOps engineer’s home computer was targeted directly, and attackers exploited a vulnerable piece of third-party software — Plex Media Server — that had not been patched. Plex had issued a patch for the bug years earlier, but it was never installed on the victim’s machine. Oops.

You may ask yourself, “If social engineering hacks are so effective, how can I protect myself?” The answer is simple: Trust is earned, not given.

These hacks only work when you let them. Remember, any strange experience you encounter throughout your day could be some scam or attack. It is impossible to learn and know every particular scam there is because they change all the time. Often, these hacks are the same basic scam, just repackaged a little differently.

The best way to spot social engineering attacks and scams is to know how real organizations like banks or credit card companies verify your identity, and what email addresses and website domains should appear in their emails. It isn’t hard to check the “from” email address to see if the domain of the sender’s email is wrong or if the link in the email body goes to some random website rather than to your bank. It may seem counterintuitive, but when Secret Service agents are trained to spot counterfeiting, they focus more on what real money looks like because every counterfeit is different. Ultimately, you can always directly call any company you deal with if you need assurance via email or phone. Most customer service agents are trained to tell you to do this if you’re unsure it is really them calling.

On top of that, the massive acceleration in artificial intelligence is making it even harder to truly know what is fake or real. There is already sophisticated software for making deepfake photos, videos and audio. AI has given hackers new tools to proliferate their attacks worldwide, and nobody is safe from it. Don’t let your guard down.

As I said during my keynote at XBIZ LA in January, it is vital to hold ourselves to a higher standard because we are the adult industry. There is a responsibility to be more vigilant because of the sensitivity of our business niche. Imagine the damaging information to be exploited from a performer’s computer if compromised. Imagine the life-ruining account details and data that could be gleaned from a porn paysite or creator platform’s user database. These attack vectors are severe and frightening, and it is critical to avoid half measures.

Brad Mitchell is the founder of MojoHost, which has served the industry for nearly two decades and has been named XBIZ Web Host of the Year several times. He regularly shares insights as a panelist at trade shows. Contact brad@mojohost.com to learn more about the suite of services his company offers.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Fighting Back Against AI-Fueled Fake Takedown Notices

The digital landscape is increasingly being shaped by artificial intelligence, and while AI offers immense potential, it’s also being weaponized. One disturbing trend that directly impacts adult businesses is AI-powered “DMCA takedown services” generating a flood of fraudulent Digital Millennium Copyright Act (DMCA) notices.

Corey D. Silverstein ·
opinion

Building Seamless Checkout Flows for High-Risk Merchants

For high-risk merchants such as adult businesses, crypto payments are no longer just a backup plan — they’re fast becoming a first choice. More and more businesses are embracing Bitcoin and other digital currencies for consumer transactions.

Jonathan Corona ·
opinion

What the New SCOTUS Ruling Means for AV Laws and Free Speech

On June 27, 2025, the United States Supreme Court handed down its landmark decision in Free Speech Coalition v. Paxton, upholding Texas’ age verification law in the face of a constitutional challenge and setting a new precedent that bolsters similar laws around the country.

Lawrence G. Walters ·
opinion

What You Need to Know Before Relocating Your Adult Business Abroad

Over the last several months, a noticeable trend has emerged: several of our U.S.-based merchants have decided to “pick up shop” and relocate to European countries. On the surface, this sounds idyllic. I imagine some of my favorite clients sipping coffee or wine at sidewalk cafés, embracing a slower pace of life.

Cathy Beardsley ·
profile

WIA Profile: Salima

When Salima first entered the adult space in her mid-20s, becoming a power player wasn’t even on her radar. She was simply looking to learn. Over the years, however, her instinct for strategy, trust in her teams and commitment to creator-first innovation led her from the trade show floor to the executive suite.

Women in Adult ·
opinion

How the Interstate Obscenity Definition Act Could Impact Adult Businesses

Congress is considering a bill that would change the well-settled definition of obscenity and create extensive new risks for the adult industry. The Interstate Obscenity Definition Act, introduced by Sen. Mike Lee, makes a mockery of the First Amendment and should be roundly rejected.

Lawrence G. Walters ·
opinion

What US Sites Need to Know About UK's Online Safety Act

In a high-risk space like the adult industry, overlooking or ignoring ever-changing rules and regulations can cost you dearly. In the United Kingdom, significant change has now arrived in the form of the Online Safety Act — and failure to comply with its requirements could cost merchants millions of dollars in fines.

Cathy Beardsley ·
opinion

Understanding the MATCH List and How to Avoid Getting Blacklisted

Business is booming, sales are steady and your customer base is growing. Everything seems to be running smoothly — until suddenly, Stripe pulls the plug. With one cold, automated email, your payment processing is shut down. No warning, no explanation.

Jonathan Corona ·
profile

WIA Profile: Leah Koons

If you’ve been to an industry event lately, odds are you’ve heard Leah Koons even before you’ve seen her. As Fansly’s director of marketing, Koons helps steer one of the fastest-growing creator platforms on the web.

Women in Adult ·
opinion

What France's New Law Means for Age Verification Worldwide

When France implemented its Security and Regulation of the Digital Space (SREN) law on April 11, it marked a pivotal moment in the ongoing global debate surrounding online safety and access to adult content.

Corey D. Silverstein ·
Show More