Social engineering is the act of manipulating others to get them to break a security process or divulge confidential information. This is something that hackers are really good at. They excel at taking advantage of people's good nature and trusting tendencies to create a security breach within an organization or to get them to compromise their personal information.
The security industry is expecting to see an increase in attacks from cybercriminals. In the 2015 Black Hat Attendee Survey, 46% of security professionals cited social engineering as a top concern. Thirty-one percent felt that social engineering issues consumed most of their time on an average day. Thirty-three percent felt that end users are the weakest link in today’s IT defenses.
There is no question of the challenges corporations face from social engineering. Here are 5 accidents waiting to happen.
Increase in Ransomware Attacks
Ransomware has resulted in $350 million in damages. In a study conducted by Bitdefender, more than 50% of Americans hit by ransomware paid the ransom to cybercriminals to decrypt their files. Americans are the most sought-after targets and are willing to pay up to $350 to get their files back. At a Cyber Security Summit last year in Boston, the FBI stated that the CryptoWall ransomware is so strong that it is easier just to pay the ransom. Usually, the FBI does not make recommendations. However, with CryptoWall, the only options for the user are to revert to a backup or pay the ransom.
Ransomware is lucrative for criminals and is expected to grow and become more complicated. It is not too difficult for criminals to use social engineering to get an unsuspecting victim to click on ransomware.
Expected New Top-Level Domains Will Spur Spam and Malicious Campaigns
Today, there are more than 700 generic top-level domains (gTLDs), with 1,900 on the waiting list. These new domains free up space on the Internet. But as they emerge, they present an opportunity for criminals, who will take advantage of the confusion and use social engineering tactics to lure users to malware.
Increased Threats with Online Banking Activities Via Mobile Devices
Attacks via mobile phones are increasing. With lax security, mobile phones are becoming a target for criminals. Mobile devices are becoming popular for online banking. People can check their accounts, take photos of checks and have them deposited into their account. People will download and install banking apps, but just because an app is in the Google Play or iOS store does not mean that the app is safe. Fraudulent apps are out there and will capture your personal information.
A New Trend: Spear Phishing
Spear phishing is sending a few emails targeting specific execs who have access to sensitive information. If the email is clicked, usually a keylogger is downloaded and installed on the PC, or the user could be brought to a malicious website.
Credentials can be captured when an exec logs into an internal network. A hacker can take these credentials and log in without raising any suspicion of fraudulent activity.
Business Email Compromise (BEC)
BEC is a phishing scam where a criminal gains access to a CEO’s email account. Criminals take the time to learn the processes of an organization and then, while pretending to be the CEO, request that a substantial amount of money be transferred to a bank account.
This tactic has been successful. When the request comes from a person of authority, the trusting employee will follow through with the request because of the source.
There are so many variations of attacks, and criminals will continually think of new ways to exploit people. People need to be more cautious and slow down. They need to pay more attention to their actions to avoid becoming another victim of social engineering, and they need to have a phishing prevention strategy and solution in place.