Four New Social Engineering Scams To Look Out For In 2014

April 25th, 2014 | Uncategorized

Symantec’s 2014 Internet Security Threat Report recently revealed that spear phishing campaigns increased 91 percent in 2013. In addition to the increased number of spear phishing* campaigns, cyber criminals are also using stronger phishing tactics, Stacy Collett at Network World reports.

Collett shared the experience of Chris Hadnagy, Chief Hacker at Social-Engineering.org, with spear phishing. He has seen cyber criminals step up their social engineering game, especially when targeting business employees:

“Groups are sending phishing emails with malicious attachments, which a cautious employee usually ignores. But then they’re following up with a phone call that says, ‘Hi, this is Bob in accounting. I just sent you an email with a spreadsheet. I just need you to open that up real quick and check it out.’ Those factors put together make you trust them and take that action. Social engineering tactics like these serve as the entryway to the latest internet scams,” Hadnagy said in Network World.

Collett outlined the top four social engineering scams to look out for in 2014:

  1. Phishing with ransomware
  2. Automated calls for credit card information
  3. Healthcare records for spear-phishing attacks
  4. Using funerals in phishing attempts

One way to help prevent phishing, according to Security Watch’s Abigail Wang, is to take control of the personal information about you that is available on the web. Wang reports that “25 percent of Facebook users do not use privacy setting and 20 percent of social media users in general set their profile to public,” giving cyber criminals an increased chance of fooling you based on the information they know about you.

Have you fallen for a phishing attempt? How can individuals and businesses protect against phishing? Share your thoughts with us on Facebook and Twitter and take a look at our Tumblr for the latest security news stories.

*Spear phishing: an email that appears to be from an individual or business that you know, but in actuality comes from a cyber criminal.

News Recap: Social Engineering Threats to Businesses

February 27th, 2014 | Uncategorized

A few weeks ago, we shared the story of @N_is_stolen, in which Naoki Hiroshima’s online accounts were attacked and held for ransom in order to gain access to Hiroshima’s coveted “$50,000” Twitter handle. There is a recent update to his story: Twitter was able to resolve the incident by restoring Naoki’s @N handle. Megan Geuss of Ars Technica quotes a tweet from Hiroshima on Tuesday that said, “Order has been restored.” While this is good news for Hiroshima, other stories like his continue to make headlines.

Paul Mah of Fierce CIO Tech Watch shared the story of Josh Bryant, the founder of a start-up business who nearly lost his entire company to a social engineering attack. Mah writes, “The target of this hacker was Josh Bryant’s Twitter username of @jb and its popularity due to it representing the initials of superstar Justin Bieber. In his case, the attacker targeted various online services that Bryant used with social engineering tactics to gather more fragments of information along the way.” Bryant states that his attackers hoped to gain access to his personal information through his accounts with Apple and Amazon. Mah comments, “It is worth noting that disaster was prevented only because Bryant was online at the time of the attempted hijack, and followed on the heels of the various password reset notifications in an active bid to stymie the attacker.”

Fahmida Y. Rashid reported on last week’s Kaspersky Lab Security Analyst Summit, where senior security researcher David Jacoby shared his experience with a different approach to social engineering. Rashid writes, “Jacoby was invited by a company to come in and test its defenses. As it turned out, he didn’t need any fancy hacks or zero-days to get through. It was all social engineering.” Rashid continues by explaining Jacoby’s step-by-step process for infiltrating and gathering information from this company. In closing, Jacoby says of businesses, “It’s really hard to defend against social engineering because it’s human nature to want to be nice and helpful. We want to give people the benefit of doubt and not assume everyone is out to cause harm, but it’s exactly this human emotion that makes us fail at security.”

What procedures and policies should businesses incorporate in order to protect the company and its employees from falling prey to social engineering attacks? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.
