Council Post: Beware Of These Top Five Social Engineering Scams

Perry Carpenter is Chief Evangelist for KnowBe4 Inc., provider of the popular Security Awareness Training & Simulated Phishing platform.

While the world grapples with the pandemic, rapid digitization owing to social distancing is deepening cybersecurity vulnerabilities, exacerbating known threat vectors and exposing unforeseen weaknesses. The FBI recently reported a 400% increase in cybercrime complaints. Interpol also claimed a massive spike in cybercrime, citing nearly a million spam messages and malicious URLs related to Covid-19.

Social engineering attacks prey on pandemic woes.

The coronavirus — and our reaction to it — has created the perfect storm for online disruption. Seemingly overnight, millions of us are now working from home, opening businesses to a number of unplanned-for cyber risks. These risks get compounded by the widespread panic, confusion and uncertainty that surround the virus amid worsening economic conditions.

Cybercriminals use this environment to their advantage by reinventing tactics that align with the crisis. Crafty cyberattackers simply pose as legitimate businesses, government entities, non-profit organizations or other trustworthy sources to trick unsuspecting users into divulging sensitive information or downloading malware onto their devices.

Be wary of these top social engineering techniques.

Cybercriminals have a deep understanding of human psychology. They understand that we are socially distanced yet craving social connections — and they prey on that need. They also prey on our insatiable drive to gather information whenever we are unsure of something.

Humans are curious by nature, and in the current climate there is a sense of urgency and a need to stay informed. Social engineering thrives in this environment, which is why it is one of scammers' most favored attack vectors. As much as 95% of malicious breaches stem from phishing attacks.

Let’s look at some of the most common social engineering techniques:

1. Phishing and smishing: This is probably the most well-known technique used by cybercriminals. Hackers are targeting businesses using legitimate-looking emails and social media messages with important information about the coronavirus. According to my company’s Q1 2020 phishing report, phishing attacks related to Covid-19 grew by almost 600% in the first quarter of the year.

Smishing, a variant of phishing, is also on the rise. This technique uses SMS messaging (texting) as the delivery mechanism for the lure, because text messages have higher open rates than email.

2. Pretexting: Pretexting involves the sophisticated impersonation of a trusted source or the creation of a fabricated scenario with the sole aim of convincing the victim to perform an action. The attacker may use a combination of phone, email, text or social media to build trust and rapport with the target. Using Covid-19 fears as a pretext, scammers often pose as healthcare providers, charitable organizations, insurance institutions, etc., and manipulate the user into performing an action that could give the attacker a foothold in the network.

3. Baiting: A baiting attack exploits human curiosity. More than 100,000 Covid-themed domain names were registered in the past few months, exploiting the surge of people seeking more information about the virus. Fraudulent domain names promise vaccines and lure users to visit their websites, even though there is no government-approved vaccine available at this time. Coronavirus-themed comments on social media target anxious users and bait them into clicking on malware-laden links.

4. Water-holing: Watering hole attacks take advantage of websites or mobile applications people know and trust. The “Live Coronavirus Data Map” is a recent example of such an attack, where the application from the Johns Hopkins Center for Systems Science and Engineering was spiked with malware that could allow the attacker to access the smartphone camera, listen through the microphone and read text messages.

5. Vishing: Vishing (or voice phishing) is the telephone equivalent of phishing. Vishing appears to be a technique derived from phreaking, which was rampant in the pre-internet era. Using this technique, attackers manipulate victims by calling them, which humanizes the delivery and makes the scammer seem more trustworthy. For example, someone pretending to be associated with IT support or with a third-party vendor can influence the target into providing access to the system or corporate network. The FBI and CISA (Cybersecurity and Infrastructure Security Agency) issued warnings stating that the shift to working from home has given rise to vishing attacks. It has come to light that the vishing attack that recently compromised several high-profile Twitter accounts has also affected dozens of banks, cryptocurrency exchanges and web-hosting firms.

Cybersecurity awareness can help flatten the scam curve.

Here’s the deal: Social engineering is a favorite method for cybercriminals because it just works — these tactics weaponize our human nature against us. So, unfortunately, social engineering is with us for the long haul, and social engineering tradecraft will continue to persist and evolve in sophistication, much like mutations in biological viruses. Here are some steps to help you protect your organization:

• Start with a cybersecurity assessment to measure your organization’s threat quotient.

• Run mandatory training sessions on security awareness to ensure workers follow cyber-hygiene best practices.

• Run mock phishing scenarios — literally phish your own workers — on a routine basis to ensure everyone, including upper management, has security top of mind.

• Use gamification or fun interactive sessions to spice up training and increase participation.

• Have an “eyes open” approach to evaluating your organization’s cybersecurity culture.

Remember, the only way to prevent attacks is by educating workers to ensure they build adequate muscle memory and instinct to recognize when a document, text, file or link seems suspicious.
