Latest Cyber Security Tactics
Social Engineering is a term used for a range of malicious attacks accomplished through human interactions. It uses psychological manipulation to deceive unknowing users into breaching standard security practices and giving away sensitive information. Microsoft reports that social engineering attacks have jumped to 20-30,000 a day in the U.S.
Unlike a viral attack, this range of attacks requires a multi-step process in which the attacker investigates the cyber victim and prepares for the attack.
- Investigation – Prepares the ground for the attack: identifying a victim, gathering background information and cyber habits, and then selecting an attack tactic.
- Hook – This is the part where the criminal deceives their target to gain a foothold by engaging with them, telling a story or web of lies and gaining control of the conversation.
- Play – Once they have gained some trust, the attacker makes a play and begins obtaining information over time, executing their planned attack and disrupting business and/or siphoning data.
- Exit – The last step is for the attacker to close the relationship, preferably without the victim ever realizing it happened. They remove all traces of malware, cover tracks and bring the charade to a natural end.
Social Engineering Tactics:
- Phishing: Phishing is one of the most common social engineering tactics. It includes email and text message campaigns that create a sense of urgency, curiosity or fear in victims. A campaign typically offers a link or document to select, then either asks for personal information to reveal the urgent matter or starts downloading malware as soon as it is clicked. A big thing lately is impersonating a mail carrier and stating you missed a package.
- Spear Phishing: This is similar to phishing, but in spear phishing the attackers target specific individuals. They gather information on the targets' characteristics and job positions, then send campaigns tailored to them in hopes they are more likely to click.
- Baiting: This tactic is just what it implies. It involves baiting the victim with false promises or physical media to lure users into a trap that steals personal information or infects systems with malware.
- Scareware: This happens when the attacker bombards one’s system with fake malware warnings and false alarms, then prompts the user to download needless software with no real benefit other than to allow the perpetrator to install malware themselves.
- Pretexting: An attacker obtains sensitive information by telling a series of lies while impersonating a co-worker, the police, or bank or tax officials.
Ultimate Defense:
- A multi-layered cyber security approach.
- Cyber Security training for employees.
JFG Business Tech can help with both. We are here to help employ the right security system for your company and to aid in teaching you and your staff members how to avoid social engineering attacks.