98% of cyber attacks have some form of social engineering involved
Social engineering is a way of influencing, manipulating or deceiving people in order to gain control of their computer systems.
Social engineering tactics may include emails (phishing), snail mail, phone calls and direct personal contact.
Here are some examples:
Caller ID spoofing: After a data breach at Ritz in London, the scammers used the data to call the victims, and the caller ID showed the hotel’s number.
Vishing: Scammers call the victims pretending to be from tech support, or send automated voicemails (called wardialling) that appear to come from authorities such as the ATO.
Baiting: Scammers give the victim a USB key; when the victim plugs it into their computer, the malware spreads to the computer and the network.
Pretexting: Using a false pretext to gain access. For example, someone dresses as a courier service messenger to sneak past the security guards, or walks briskly with a clipboard to reach an idle computer.
In the old days, when people used to have smoke breaks, the hacker would come and join them, walk with them into the premises and log in to a computer that was unlocked and unattended.
As you can imagine, the hackers and the scammers will keep coming up with new methods of cyberattacks.
If you have a “security culture” in the organisation, you can prevent many cyber attacks.
The starting point for creating such a culture is a Security Awareness Program that educates end-users on how scammers and hackers could manipulate or deceive them to get valuable information and attack the organisation.
Do you agree?