The word “social” implies good times, sharing, and community. But in cybersecurity, “social engineering” has a dark, dangerous implication. Social engineering attacks are a rising and increasingly sophisticated threat. At the same time, security vendors like Mimecast are continually innovating the defenses against social engineering with advanced technologies such as artificial intelligence (AI).

What Is a Social Engineering Attack?

As its name implies, social engineering is a method of attack where the fraudster weaponizes personal information to target a user. The information could be a person’s job title or duties, the name of a supervisor or top officer in the organization, or details about some important upcoming event. Often by impersonating other persons or organizations — peers, partners, or supervisors — the fraudster creates a convincing message that makes the receiver go along with malicious activities, such as unintentionally installing malware, transferring funds, or sharing sensitive information with cybercriminals.

Five Types of Social Engineering Attacks

Social engineering has been increasing since 2017, according to Verizon’s 2021 data breach report. Most recently, social engineering has shown a “meteoric” increase in what Verizon called “misrepresentation” tactics, which grew 15 times higher during the Covid-19 pandemic.[1]

Social engineering methods keep evolving along with the channels and technology available to fraudsters. Just as phishing has expanded beyond “click here for a prize” emails to “smishing” (by text), fraudsters have become more sophisticated in their use of social engineering. Thanks to social media and to the sale of databases of stolen information on the Dark Web, cybercriminals can acquire large stores of data to enable their attacks. Their approaches include:

Examples of Real Social Engineering Attacks

As some of the top phishing attacks in the last decade have shown, high-profile cybercrimes often involve a dose of social engineering:

How Technology Can Block Social Engineering Attacks

As in so many cases of cybercrime, the best defense against social engineering attacks is security awareness training. Train all users in the system to be skeptical of any messages requesting sensitive information, payments, or software installations, even if they seem to come from the boss.

As the FBI recommended in a recent alert about business email compromise (BEC), employees should make sure the URLs in any emails actually match the organization they claim to represent, check that any links included in the email are spelled correctly (fraudsters often use lookalike addresses) and never share personal information over email. Organizations should also ensure the settings on their employees' workstations are configured to show the extensions on email addresses, so they can spot phishing messages that spoof a legitimate sender by replacing a “.com”, for example, with a “.org”.

But awareness can only go so far, especially when attackers keep evolving their social engineering tactics. Artificial intelligence (AI) and machine learning are helpful in keeping up with the evolution of the fraudsters, building stronger defenses as they learn from current attacks:
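
The sender-address check from the FBI advice above, as an added example (not from the original article or from Mimecast): it flags a “.com” swapped for a “.org” and misspelled or character-substituted lookalike names. The trusted list and sample addresses are constructed, and splitting each domain at its last dot is a simplifying assumption.

```python
# Added example: flag sender domains that imitate a trusted domain.
# TRUSTED and every sample address used with it are constructed for illustration.
TRUSTED = {"example.com", "example-payments.com"}

# Characters often substituted so a name looks right at a glance.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str) -> tuple[str, str]:
    """Split into (name, tld) at the last dot (assumption: no co.uk-style suffixes)."""
    name, _, tld = domain.rpartition(".")
    return name, tld


def fold(name: str) -> str:
    """Undo common visual substitutions such as '1' for 'l' and 'rn' for 'm'."""
    return name.translate(CONFUSABLES).replace("rn", "m")


def classify_sender(address: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'tld-swap', 'lookalike' or 'unknown' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip(" <>").lower().rstrip(".")
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"
    name, tld = split_domain(domain)
    for good in sorted(trusted):
        good_name, good_tld = split_domain(good)
        if name == good_name and tld != good_tld:
            return "tld-swap"      # e.g. ".com" replaced with ".org"
        if fold(name) == fold(good_name) or edit_distance(name, good_name) <= 1:
            return "lookalike"     # misspelled or character-substituted name
    return "unknown"
```

A result of "tld-swap" or "lookalike" is a reason to hold the message for review; "unknown" only means the domain does not resemble anything on the trusted list.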

The Bottom Line

Social engineering is a growing issue in cybersecurity, but the tools to counteract this practice are on hand. Security awareness training is the best defense, but a number of automated technologies can also help security teams stay on point and evolve their defenses to block the attackers’ latest tactics. See how Mimecast uses AI to thwart social engineering.

[1] “2021 Data Breach Investigation Report,” Verizon
[2] “Aerospace firm, hit by cyber fraud, fires CEO,” Business Insurance
[3] “How this scammer used phishing emails to steal over $100 million,” CNBC
[4] “Phony Tech Support Scams Target Remote Workers during the Pandemic,” Cognizant
[5] “Montreal-based UN aviation agency tried to cover up 2016 cyberattack, documents show,” CBC News
[6] “Twitter phishing campaign targets customers of all major UK banks,” ZDNet

What are examples of social engineering attacks?

9 Most Common Examples of Social Engineering Attacks: Phishing, Spear Phishing, Baiting, Malware, Pretexting, Quid Pro Quo, Tailgating, Vishing.

Which of the following is a type of social engineering attack?

Phishing. The most common form of social engineering attack is phishing. Phishing attacks exploit human error to harvest credentials or spread malware, usually via infected email attachments or links to malicious websites.

What is social engineering attack?

Social engineering is a type of cyber attack that relies on tricking people into bypassing normal security procedures. To gain unauthorized access to systems, networks, or physical locations, or for financial gain, attackers build trust with users.

Which of the following is an example of social engineering quizlet?

Shoulder surfing and dumpster diving are examples of social engineering. Shoulder surfing is the act of looking over an authorized user's shoulder in hopes of obtaining an access code or credentials.