We’re constantly telling our employees to look out for social engineering attacks, but while we can share definitions all day long, humans often learn best by example. By seeing real phishing emails, hearing stories of clever pretexts and watching live hacking demonstrations, we can bring our teams one step closer to truly understanding the big buzzword “social engineering.”

Here are a few specific examples of what popular social engineering schemes really look like:

1. Spear Phishing Emails, Calls or Texts

Phishing is a term used to describe how cyber criminals “fish” for information from unsuspecting users. Some hackers send out mass messages, casting a wide net and hoping to trick a large pool of recipients. These generic messages, however, are often easy to spot for the scams they are. To weave a more convincing story, most well-versed cyber criminals research and obtain deep knowledge about their target—one “phish” at a time. Like a spear fisherman stabs at a single fish, spear phishers oftentimes only bait one particular person per attack.

There are numerous types of spear phishing, all with their own slight variations in naming, but three of the most common are emails, phone calls and SMS messages.

FUN FACT: Phishing is likely an evolution from the word “phreaking,” which is commonly used in the hacking community to describe people who study telecommunication systems, such as phones, and weave clever social engineering pretexts over them. It uses the “ph” from “phreaking” to play off the word “fishing.”

Phishing Emails

These are emails sent with malicious intent, containing links or attachments that download malware onto your device. We’ve all received scam emails, but some aren’t as easy to spot! Social engineers can spoof email addresses to make it look like a message came from a boss or a trusted source.
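The sender spoofing described under Phishing Emails usually leaves traces in the message headers. The following Python check is an added example, not part of the original article: it flags a protected name paired with an outside address, a Reply-To that diverts answers to another domain, and failed SPF/DMARC verdicts recorded by the receiving server in the Authentication-Results header. The organisation domain, the executive name and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: the organisation's mail domain and the
# names most likely to be borrowed in a pretext (constructed name).
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"dana whitfield"}

def domain_of(address):
    return address.rpartition("@")[2].lower()

def check_sender(raw_message):
    """Return the reasons the sender identity of a raw message looks spoofed."""
    msg = message_from_string(raw_message)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    # 1. A familiar name in front of an address outside the organisation.
    if display.strip().lower() in PROTECTED_NAMES and from_domain != ORG_DOMAIN:
        findings.append("display-name-impersonation")
    # 2. Replies routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to-mismatch")
    # 3. SPF/DKIM/DMARC verdicts stamped by the receiving mail server.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict.lower() in ("fail", "softfail"):
            findings.append(f"{mech}-{verdict.lower()}")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Dana Whitfield" <dana.whitfield@examp1e-mail.test>
Reply-To: accounts@payments-desk.test
Subject: Urgent payment transfer needed today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e-mail.test; dmarc=fail header.from=examp1e-mail.test

Please confirm the transfer before noon.
"""
LEGIT = """\
From: "Dana Whitfield" <dana.whitfield@example.com>
Subject: Q3 planning notes
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Notes attached.
"""

if __name__ == "__main__":
    print(check_sender(SPOOFED), check_sender(LEGIT))
```

A clean result only means these three header checks passed; a message sent from a genuinely compromised internal mailbox would pass all of them.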
Real-Life Example: In the phishing email examples above from KnowBe4, you can see how these social engineers asked for specific order numbers or payment transfers, digging for important information to use against you.

Voice Phishing (Vhishing)

Vhishing is a combination of "voice" and "phishing." It’s the phone's version of email phishing, where a bad actor calls instead of emails to steal confidential information. These calls often leverage fear and urgency to get quick, impulsive callbacks. These social engineers often imitate figureheads you’ve never actually talked to or met, so as to be sure you wouldn’t recognize their voice!

Real-Life Example:

SMS Phishing (Smishing)

Bad actors don’t just leave deceptive voicemails; they are now also texting-savvy! Whether it’s a work phone or your personal device, they’re sending pointed SMS messages to phish.

Real-Life Example:

Watch out for COVID-19 related phishing emails, calls and SMS messages right now. Bad actors are shamelessly capitalizing on fear around the virus to send infected links, masquerading as vaccine sign-ups, stimulus check deposits and more!

2. Baiting

In order to catch a fish, a fisherman would string some bait on a hook before casting their line. That’s exactly what bad actors do in their messages! They dangle before you some juicy bait—often in the form of a coupon, money, a special prize, etc.

Real-Life Example:

DID YOU KNOW? When a bad actor weaves a false story or situation using real facts to build trust and credibility, this is called “pretexting.” They are creating a fake narrative or pretext to get you to perform an action.

3. Quid Pro Quo

Whereas during a baiting attack the social engineer often offers an enticing deal or product, quid pro quo often involves a service offered in exchange for something. After all, it’s named quid pro quo because the phrase is literally Latin for “something for something.”

Real-Life Example:

4. Tailgating or Piggybacking

When you’re on the road and another car is riding close behind you, you call it tailgating. Social engineers use this same principle. They follow closely behind employees entering a building to gain access—oftentimes, specifically to a restricted, fob/code-accessible area.

Real-Life Example:

See what bad actors are actually up to by reading about some of the biggest social engineering attacks: 5 of the Most Famous SE Attacks of the Last Decade and The Biggest Social Engineering Attacks in History.

Beyond Social Engineering Attacks

Social engineering is one of the top two techniques used to compromise corporations, but these attacks aren’t the only cyber threats out there. Here are 5-½ truly impactful ways you can increase your digital security to get you started.