What is Social Engineering?

Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing, spear phishing, and CEO Fraud are all examples.

Hackers use a combination of pretexting, baiting, water-holing, CEO Fraud and other techniques to lure employees for systems and assets to be compromised. Improve your security posture immediately by better understanding the risk and with targeted additional training for specific employees that may be vulnerable to such attacks.

Social Engineering Services

  • Customized phishing campaigns to identify % of phish-prone users.
  • Targeted end user security awareness training to reduce risk from phish-prone users.
  • Development of tailored phishing, vishing, pretexting, CEO Fraud campaigns to understand business risk.
  • Detailed reports that describe findings from social engineering campaigns.
  • Access to security awareness emails for compliance with mandates such as HIPAA, CCPA, GDPR.

Ransomware

  • Ransomware denies access to a device or files until a ransom has been paid.
  • Ransomware attacks have evolved to include double-extortion and triple-extortion attacks that raise the stakes considerably.
  • Even victims who rigorously maintain data backups or pay the initial ransom demand are at risk.
  • Double-extortion attacks add the threat of stealing the victim’s data and leaking it online.
  • On top of that, triple-extortion attacks threaten to use the stolen data to attack the victim’s customers or business partners.
  • Supply chain ransomware attacks are multiplying damages and allowing attackers to bypass traditional security controls.
  • LockBit remained the most prolific ransomware, responsible for several high-profile attacks.

Phishing

  • Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.
  • Popular themes include stimulus checks, fake CDC warnings, working from home, Netflix scams, fines for coming out of quarantine and many more.
  • The attackers are using phishing kits that impersonate email services like Google’s G Suite or Microsoft’s Office 365 in order to compromise corporate email accounts

Phishing Techniques

Phishing vs. Spear Phishing

Cyber Resilience In the 2020s

  • Cybercriminals ramped up COVID-19 related phishing attacks over 667%, March 2020.
  • Out of nearly 2,400 reported data breaches, over 1000 – 45.5% – of attacks were initiated by a phishing attack.
  • More than 90% of successful hacks and data breaches start with phishing scams.
  • Healthcare and Pharmaceutical organizations had the highest percentage of phishing attacks at 44.7%.
  • The overall Phish-Prone Percentage (PPP) average across all industries and size organizations was 37.9%.

Phishing Techniques

Spear phishing is an email targeted at a specific individual or department within an organization that appears to be from a trusted source. It's actually cybercriminals attempting to steal confidential information.
The same email is sent to millions of users with a request to fill in personal details. These details will be used by the phishers for their illegal activities. Most of the messages have an urgent note which requires the user to enter credentials to update account information, change details, or verify accounts.
  • Vishing is the phone's version of email phishing and uses automated voice messages to steal confidential information.
  • These attacks try to trick an employee into giving out confidential information via a phone call.
  • Vishing attacks use a spoofed caller ID, which can make the attack look like it comes from either a known number or perhaps an 800-number that might cause the employee to pick up the phone.
  • Vishing often uses VoIP technology to make the calls.
  • Vishing attacks can be focused on all employees, or against employees that mainly deal with people outside the organization. Departments like the help desk, PR, Sales, and HR are good to include in vishing security tests.
Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service. A smishing text, for example, attempts to entice a victim into revealing personal information via a link that leads to a phishing website.

5 HIPAA Rules Regarding Text Messaging

  • Establish procedures and policies to manage who is authorized to access PHI when texting.
  • Implement audit and reporting controls for HIPAA compliant texting.
  • Ensure PHI is not improperly changed or destroyed during texting.
  • Provide proof of identity before sending and receiving messages.
  • Guard against unauthorized access of PHI during transmission.
Learn More
imgfluid