Social Engineering: How an Email Becomes a Cyber Threat

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
NOTE: the date of this article is December 16, 2015. ...quote old/outdated but might be stil interessting...

Enterprises and their employees should be aware of multiple social engineering techniques.

Baiting is one in which an attacker offers an incentive to draw in a target and can be effective in convincing a person to download malicious software onto his or her computer.

Pretexting is another in which an individual uses misrepresentation to gain access to privileged information. This technique has been increasingly successful as cyber thieves gain access to identifying information to personalize the attack.

• And, perhaps the most well-known type of social engineering is phishing, a technique in which an attacker attempts to obtain private information such as a social security number or authentication code. In phishing scams, a fraudulent email or other form of communication is often disguised as a legitimate engagement from a “trusted” source requesting information. Like with pretexting, phishing attempts tend to be most successful when the attempt is personalized.

Spear-phishing, a derivative of phishing, is targeted at a specific person or role in an organization. Hackers leverage freely available information to craft an email likely to appeal to the target.

How to Defend Against These Attacks

Today, one of the best ways to defend against social engineering is to beef up security through employee education. In combination with technology solutions, employee education can help build awareness to common social engineering techniques, such as phishing. According to the 2015 Data Breach Investigations Report by Verizon, nearly one in four employees will open a phishing email.

Rather than training employees based on theoretical ideas, companies should adopt a real-world training approach. Smart companies will incorporate security testing tailored to employee’s everyday business operations. These simulations ensure all products, applications and networks are sufficiently robust to cope with potential threats; allows them to see what an attack actually looks like; and how easily it can happen.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top