27 September 2021
The Simple, Yet Complex Nature of Social Engineering
Scmagazine.com published an article by DataArt security consultant Andrey Barashkov on social engineering scams. The article explores why social engineering is so effective, why phishing scams are not as easy to execute as people often think, and why fraudsters don’t just focus on phishing anymore.
«Employees are the weakest links in a security system. Fraudsters use psychological manipulation to build a trust relationship with their targets. Afterward, it’s much easier to exploit that bond and obtain necessary information. Moreover, many employees use their corporate email addresses to register on social networks. This greatly increases the likelihood of a successful cyberattack.»
«Despite the popular opinion that email phishing attacks are easy to execute, the process of launching a successful campaign requires significant preparation.»
«These days, fraudsters have turned to more targeted social engineering attacks with a mix of techniques to avoid traditional security controls.»
«Security pros should remember the following: It’s very rare that quality resources are handed out for free, always double-check an email address and sender’s details, users who are in doubt should report the abuse to the Infosec department, finally, take social engineering tests seriously. They let security teams quickly find patterns and recognize malicious activities.»
Original article can be found here.