
Social Engineering isn’t a new field of engineering. It’s a common thread in nearly all cyber attacks and something that all employees, and everyone in general, need to be aware of. Social Engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Basically, that means a “victim” is convinced to do something or give up some critical piece of information that a cyber criminal can use against them. This includes convincing someone to click on a link, open an email attachment, or provide requested information. The “tricks” rely on appealing to the person’s curiosity, greed, fears, sense of urgency, or even compassion.
How many times have we warned children not to trust a stranger who asks them to “help find their lost puppy” or tells them, “Your mom wanted me to come to pick you up,” before putting them in their car and kidnapping them?
It’s the same in the cyber world…but more prevalent, especially when the risk of capture is so low but the reward so high.
These tactics are becoming more sophisticated, especially in the days of COVID-19, when more of us are working from home or are more vulnerable to scams involving stimulus checks and other financial relief.
The top social engineering trends that you should watch out for include:
- Consent Phishing involves malicious apps that request permission to access cloud services and other applications, allowing the criminal to access additional information in the cloud.
- Business Email Compromise (BEC) is a significant source of revenue for criminals. The criminal, posing as a reliable colleague, sends an email or other communication to the subject, instructing them to send funds to a bank account controlled by the criminal. The victim assumes it is a legitimate account and transaction, believing it is at the direction of an authorized coworker. The average cost of this type of attack is $80,000 and is increasing every year.
- “Deepfakes” is a relatively new term that will become increasingly prevalent as artificial intelligence matures. A deepfake is a video produced using artificial intelligence to merge, replace, or superimpose content onto another video, creating a fake and often controversial-looking video of a celebrity or politician. Then someone sees the “video” and is curious to know more about the outrageous content. They click on it, and the phishing attack is in motion.
- Nation-state actors are still, and always will be, a prime adversary in cyber crime. As more people interact online, nation-state actors pose as cyber security bloggers and target researchers on LinkedIn. From the theft of COVID-19 research to the control of critical infrastructure systems, nation-state attacks continue to grow.
- Phishing has continued to grow as an attack vector as users click on malicious links or attachments. It has become so profitable that phishing-as-a-service is now a booming business. Hackers don’t even have to create their own phishing campaigns. They can outsource them.
All of these social engineering trends point to one solution: EDUCATION! The more security awareness training that employees and other users have, the better prepared they are to avoid these traps and protect their information and your company.
At Commonwealth Sentinel, we offer technical solutions like a Security Operations Center (SOC) and training packages to help you avoid falling victim to cyber crime. Our Critical Response Team can help you get your systems back up and running in the event of an emergency. What’s your first step? Schedule a free consultation today or contact us at (502) 320-9885 for more information.