The weakest part of any security program is almost always invariably human.
Social engineering seeks to exploit this weak link by appealing to people’s vanity, greed, curiosity, altruism, or respect for or fear of authority in order to get them to reveal information not available in the public domain, allow access to an IT system, or install malicious software such as Ransomware or Spyware.
There are a number of social engineering techniques thieves use. These include Phishing, Impersonation, Vishing, and SMiShing. Information regarding these social engineering techniques is detailed within the Infographic below.
Needless to say, these malicious tactics are utilised widely by cybercriminals and organised crime within Australia and overseas. In many cases, criminals are based overseas and target businesses and individuals within Australia.
The internet and communications are borderless and anonymous, enabling social engineering to thrive.
Kevin Mitnick is a well-known former cyber criminal who used social engineering to good effect last century. His techniques and techniques are still active and relevant today.
In almost every type of information-based attack, some form of social engineering is used. Whilst many attacks are technical and conducted using email, social media and texting, in some cases, attackers use more simplistic methods of social engineering to gain physical, network or computer access.
Social engineering emails are very hard to spot - gone are the days of pixelated logos and poor spelling.
For example, a hacker might frequent the public food court of a large open-plan office building and "shoulder surf" users working on their tablets or laptops. They may even pose as a worker and visit a business area and attempt to illicit information through face to face conversation or gain access to a physical location.
Criminals may simply use the phone to impersonate a trusted entity in order to seek unauthorised access to information.
Whatever the case, it is very important that business owners and their staff understand the threat of social engineering and ways in which to detect and defend against various criminal sources. Attacks can occur anywhere and any time, even when travelling overseas.
Many victims are not even remotely aware that a social engineering attack is taking place; such is the skill of criminal organisations and their associates and facilitators.
To learn more on the threat of social engineering to both individuals and business, and how we can assist in training and awareness, contact us through our website or phone.