Human beings have long been the weakest link in your cybersecurity chain. So, it may
not surprise you when experts say that up to 98% of all cyberattacks rely on
social engineering–the dark art of inducing (then leveraging) predictable human
responses to trick people into handing over sensitive information.

years ago, research firm Gartner warned the world that “Social engineering is the single
greatest security risk in the decade ahead.” Today, two
such social ruses on a meteoric rise include vishing and smishing, dangerous
variants of the widely rued phishing cyberattack.

Vishing (shorthand for ‘voice phishing’) targets mobile users and those who use
VoIP services. Sometimes, crooks use fake caller ID, and even unwitting call
centers and answering services, to enable their scam. They impersonate legitimate companies or
individuals, leaving bogus voicemail-callback requests. The goal, of course, is
to fool victims into parting with credit card info, account sign-ups, birthdays
or other highly personal data. Recently, the ploy’s destructiveness increased
exponentially, as fraudsters (for the first time on record) used AI software to
‘deepfake’ a company leader’s voice and dupe a subsidiary’s CEO into wiring their
criminal surrogates a cool $243,000.

Then there’s smishing (SMS phishing), a
mobile device assault which uses Short Message Services or texting as its attack
vector. Smishers’ objectives, however, can differ. “Just like email phishing
scams, smishing messages typically include a threat or enticement to click a
link or call a number and give out sensitive information,” warns CSO Online.
They might also instruct users to install ‘security’ or other software on the
device, which, of course, is usually malware.

How can you and your employees avoid being victimized by social engineering? “Always
err on the side of caution,” CSO Online advises. “Trusting no one [and teaching
others the same] is a good place to start.” Experts at KnowBe4 add that “Common
sense is a general best practice and should be an individual’s first line of defense
against fraud. Don't trust any message that asks you to reveal
personal information and don’t click on unsolicited links.” These
nuggets of wisdom, and others like them, highlight the vital importance of
having a culture of security awareness, built on regular training, open
communication, and committed leadership.

For best-practice-based support in any area of
social engineering, including training, contact TeamLogic IT today.