Social engineering, like other cybersecurity attacks, is on the rise and affects companies in every industry. Cybercriminals exploit people’s fears, uncertainties, distractions, and confusion. Social engineering is a real attack vector. Attackers continue to use more sophisticated methods, take advantage of media coverage, and come up with fresh, inventive ways to gain trust and convince people to compromise the security of an entire business. Almost every communication channel, including email, social media, text messaging, and phone conversations, is used in cyber attacks. In this article, Stacy Collett discusses how you can protect yourself from social engineering.
How Can You Protect Yourself from Social Engineering?
Employees seem to be letting their guard down when it comes to spotting scam ploys, whether because of pandemic fatigue, remote work, or too much information. According to Proofpoint, attackers were more successful with their social engineering tactics last year than they were the year before. A 3,500-person survey found that more than 80% of firms experienced a successful email-based phishing attack in 2021. This is a 46% increase from 2020.
According to a Stanford University study, most data breaches, about 88%, result from employee error. Distraction is the leading factor identified by employees (45%) for falling for phishing scams, while remote workers (57%) acknowledge that working from home makes them more distracted. In 2021, Proofpoint specifically identified around 15 million phishing emails containing ransomware-related malware payloads. In addition, Sophos estimates that the average overall cost of recovering from a ransomware attack was $1.85 million in 2021.
Old and New Scamming Tricks
Security awareness specialists claim that employees continue to fall for these five well-known ploys and warn against four brand-new frauds that give these tried-and-true methods a fresh spin.
Five old tricks:
- Fake emails with an official appearance
- A USB drive that has been infected with malware
- Email scam providing an office gift card
- Internal voicemails containing malware
- False shipment delivery notices stating that there are customs taxes or charges
Four new tricks:
- Phishing emails for DocuSign
- Emails requesting information on the aging account report
- Messages asking you to click on a link because the account is supposedly having issues
- Impersonating well-known brands to trick clients into disclosing their sensitive information
To read the original article, click on https://www.csoonline.com/article/3654469/5-old-social-engineering-tricks-employees-still-fall-for-and-4-new-gotchas.html