A social engineering attack is a malicious attack which typically involves some form of psychological manipulation, specifically fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. Commonly, social engineering involves an email or other communication that invokes urgency, fear, or a similar emotion in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file.

Most common form of social engineering: Phishing

The most common social engineering attacks come from email or SMS phishing or spear phishing, and their lures vary with current events, disasters, or tax season. Since about 91% of data breaches come from phishing, this has become one of the most exploited forms of social engineering. Here are some of the worst phishing examples:

- Court Notice to Appear - Scammers are sending phishing emails claiming to come from a real law firm called ‘Baker & McKenzie’, stating that you are scheduled to appear in court and should click a link to view a copy of the court notice. If you click the link, you download and install malware.
- IRS refund ransomware - Many of us waited till the last moment before the April 15th tax deadline and are now holding our collective breath in expectation of that possibly rewarding refund. The problem is that cybercriminals are very aware of this anticipation and use social engineering tactics to trick taxpayers.
- Researchers at Proofpoint recently discovered a phishing campaign that originated from select job postings on CareerBuilder. Taking advantage of the notification system the job portal uses, the attacker uploaded malicious attachments instead of résumés, which in turn forced CareerBuilder to act as a delivery vehicle for phishing emails.
- Fax Notice Scam - It’s a phony link to a phony fax, but it will do real damage to your PC. This is quite common, especially for firms that still use faxes heavily, such as document management, title companies, insurance, and other financial services companies.
- Dropbox Link Scam - Have we got a surprise waiting for you in Dropbox. A couple of variations of this were running in 2014. One was a fake Dropbox password reset phishing email that, when clicked, led users to a page saying their browser was out of date and they needed to update it (with a “button” to the update). This would launch a Trojan in the Zeus family of malware.

Conclusion

Organizations are finding themselves under pressure, forced to react quickly to the dynamically increasing number of cybersecurity threats. Since attackers have been using an attack life cycle, organizations have also been forced to come up with a vulnerability management life cycle.
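The traits shared by the lures above (urgency language, a link whose visible text names one domain while its real target is another, an executable attachment dressed up as a document, a sender domain that merely contains a trusted brand name) can be scored mechanically at the mail gateway before a user ever sees the message. The Python below is an added example, not code from the original post; the term lists, the brand-to-domain table and the two sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Indicators drawn from the lures discussed above; the term lists are illustrative, not exhaustive.
URGENCY_TERMS = ("action required", "immediately", "court notice", "refund", "suspended", "password reset", "out of date")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm")
DISGUISED_EXT = re.compile(r"\.(pdf|docx?|xlsx?)\.\w+$")  # e.g. resume.pdf.exe
TRUSTED_BRANDS = {"dropbox": {"dropbox.com"}, "careerbuilder": {"careerbuilder.com"}}  # brand -> legitimate sender domains (illustrative)
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def _host(text):
    """Lower-cased host of a URL or bare domain ('' if none)."""
    return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()

def phishing_indicators(msg):
    """msg: dict with sender, subject, html, attachments. Returns the names of the indicators found."""
    found = []
    visible = (msg["subject"] + " " + re.sub(r"<[^>]+>", " ", msg["html"])).lower()
    if any(term in visible for term in URGENCY_TERMS):
        found.append("urgency_language")
    for href, label in ANCHOR_RE.findall(msg["html"]):
        label_host = _host(re.sub(r"<[^>]+>", "", label).strip())
        # The visible text names one domain while the real target is another: a disguised link.
        if "." in label_host and label_host != _host(href):
            found.append("link_text_mismatch")
            break
    for name in msg["attachments"]:
        lower = name.lower()
        if lower.endswith(RISKY_EXTENSIONS) or DISGUISED_EXT.search(lower):
            found.append("risky_attachment")
            break
    sender_domain = msg["sender"].rsplit("@", 1)[-1].lower()
    for brand, domains in TRUSTED_BRANDS.items():
        # The sender domain contains the brand name but is not one the brand actually mails from.
        if brand in sender_domain and sender_domain not in domains:
            found.append("lookalike_sender")
            break
    return found

def is_suspicious(msg, threshold=2):
    """Flag a message for quarantine or analyst review when enough indicators coincide."""
    return len(phishing_indicators(msg)) >= threshold

# Constructed sample messages: one modelled on the Dropbox password-reset lure, one benign.
SAMPLE_LURE = {"sender": "no-reply@dropbox-security-mail.example", "subject": "Action required: Dropbox password reset",
               "attachments": [], "html": 'Your browser is out of date. '
               '<a href="http://update.example/browser-update.exe">https://www.dropbox.com/update</a>'}
SAMPLE_LEGIT = {"sender": "hr@partner.example", "subject": "Minutes from Tuesday", "attachments": ["minutes.pdf"],
                "html": 'Notes attached. <a href="https://intranet.example/minutes">Minutes page</a>'}
```

A single indicator is weak evidence on its own (legitimate password-reset mail is urgent too), which is why the threshold requires several to coincide before a message is held.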