Social engineering isn’t new by any stretch of the imagination. Con artists have been active since before the days of modern technology. Social engineering, however, has continued to evolve and take on new shapes. The challenge that many businesses and individuals face today is the realism behind social engineering attacks. They have become more sophisticated and can fool even the most tech-savvy executives. This puts important data and information in harm’s way and at risk of being lost for good. Far too often, individuals underestimate the power of social engineering attacks and assume the attacks can be spotted from miles away. The most common social engineering attacks have become so common because they are very effective.
Here are three common, yet effective, social engineering tactics that you should always be mindful of.
1. Phish and Whales
The common goal for hackers, scammers and social engineers is very similar. They all want to manipulate and steal important data or funds. However, their targets vary depending on what they are seeking. Phishing is still the most popular form of social engineering. Hackers have just become more sophisticated with their approach. Some phishing attacks still target a wide audience with generic claims such as winning a drawing or earning money. Many of these can be detected immediately if approached with proper caution. Other attacks are targeted at specific employees. These attacks are called spear phishing. These scams are constructed with extensive research on an individual and are strategically placed in emails that look legitimate. Another thorough phishing strategy is whaling. This is the “deep sea” phishing of social engineering. Whaling is when a hacker targets a high-level, C-Suite executive. While the premise of this attack is the same as regular phishing or spear phishing, the impact can be much more detrimental if successfully executed.
2. Watering Hole Attacks
In desert biomes, trapping a watering hole means predators camping out and waiting for prey. Hackers do not have to act aggressively every time to be effective. Many times, hackers can wait for an ill-advised click on a malicious link. These links are often hidden in commonly visited websites or in fake ad banners. Hackers use tracking methods similar to those of advertisers to see which sites are being visited by employees in an organization. Hackers will then insert malicious code into the most vulnerable websites. These sites are typically small businesses or blogs that lack proper security. Setting up watering hole attacks allows the hackers to gain access to sensitive data without having to request credentials. Users should always check to see if a site is properly protected by looking for the “https” in the URL, keeping in mind that HTTPS only protects the connection to the site and does not show that the site itself has not been compromised.
3. Pretexting Attacks
Social media dominates professional and personal agendas on a global scale. Companies strategize over ways to gain followers on their business profiles and individuals use their personal accounts to share their life experiences with friends and families. Hackers have realized how valuable the social media space has become and this has led to more pretexting attacks over the past few years. Pretexting attacks are social media-based attacks where a hacker creates a fake account to impersonate a business, vendor, friend or family member. Advanced hackers will take extended time to prep these attacks with research, gathering photos, filling out personal information fields and impersonating the most believable account. Often, the hacker is successful in creating a very realistic (but very fake) account. From there, hackers pose as the individual and target coworkers, friends, or family for personal information or financial records. Skilled hackers know which contacts are most vulnerable and use this to their advantage. If you receive a strange direct message on social media, contact the individual by phone to confirm their identity. Never give out sensitive information over social media.
These are just a few of the numerous ways hackers are using social engineering to attack businesses and individuals. It’s crucial for high-level executives to educate themselves and their employees on the many digital dangers that threaten the integrity of their organization.
NXTsoft is focused on helping you protect the data that is most valuable to you. NXTsoft’s ThreatAdvice vCISO solution provides you with assurance that all your data security needs are being met. This comprehensive cybersecurity solution now comes with a $500,000 warranty to protect against any cyber incidents or breaches that occur under the term of a ThreatAdvice vCISO contract.