Social Engineering

Social engineering - the use of expert manipulation via e-mail, text message, phone call or even in-person visits, is the most common and most effective technique used by cybercriminals around the world. 

Social engineering - the use of expert manipulation via e-mail, text message, phone call or even in-person visits, is the most common and most effective technique used by cybercriminals around the world. 

 

Social engineering is all about deceiving people into giving up organizational information or performing actions that can compromise devices or services, and is the easiest way to attack any organization.

  • Deceiving people into giving up organizational information, opening malicious attachments and more is far easier to do than finding and exploiting technology specific vulnerabilities.
     
  • Information gleaned from organizational websites, personal social media and more can be used to help cybercriminals decide who to target, who to impersonate and what tactics may work best.
     
  • Social engineering attacks have been part of some of the largest cyber attacks and data breaches over the past few years.
0365phish.png

Phishing

Phishing is the most common form of social engineering due to its ease-of-use and high success rate

Phishing e-mails are designed to look like genuine communications from your organization or other trusted entities such as banks, governments or online services

Phishing e-mails are often designed to lure victims to visit infected or fraudulent websites, to provide critical information or to open malicious attachments

smsattack.png

TExt messaging

Text message attacks may appear to be coming from a trusted source such as a financial institution, a social media site or your organization

It may contain a link to a compromised website that may try to find vulnerabilities in your mobile devices in order to infect it with malicious software or malwar

usbkey.jpg

In Person

On popular in-person attack involves leaving USB keys or other removable media in parking lots in order to trick unsuspecting organizational members into checking the contents on their work device.

Doing so can lead to malware infecting the device or an automatic script could be run that could performing other actions to compromise an account.


Monthly Phishing Attacks

Based on unique phishing websites data from the APWG

Major incidents


VideoS

Expert Manipulation

Social Engineering in Practice