Social engineering attacks refer to the attempt to manipulate targeted individuals into providing confidential information online. These attacks fool victims by using techniques to conceal the true identity of the hacker, presenting them instead as a trustworthy individual or organisation.
How common is social engineering in real life?
According to a study conducted in 2018, 17% of targeted individuals fell victim to social engineering attacks. These attacks can place a company’s entire network at serious risk. The most recognised form of social engineering is phishing, where attackers exploit individuals by sending infected emails with links or attachments that lead to malicious websites.
What are the effects of social engineering?
Any cybersecurity attack can have a catastrophic impact on a business, no matter the size. Therefore, ensuring your team is prepared to deal with these seemingly trustworthy messages is so important. Some effects of an attack include:
Financial implications: Most of the time, attackers are after the cash. This technique is often used to fool employees into paying money into fake accounts on behalf of their company. This could be a criminal falsely posing as a legitimate supplier requesting payment. This is especially effective where finance teams do not work closely with purchasing and are less likely to spot a seemingly accurate invoice for something that has never actually been ordered.
Damage to business reputation: Cybersecurity attacks are also dangerous because of the risk to the integrity of both business and customer information. Customers feel safest when those they share their data with incorporate data protection conformance very clearly into their processes.
Halt to business productivity: Social engineering attacks rely on gaining a certain amount of trust over a period to successfully manipulate an individual into handing out confidential information. This often results in a significant amount of lost time. Both the scam itself and resulting recovery operations can be extremely time consuming, not to mention costly.
Real Life Social Engineering Examples
Unfortunately, social engineering attacks such as phishing, baiting and scareware are common because of their realistic appearances online. We all think we won’t fall victim to these scams, right? In reality, social engineering attacks are extremely believable and so many people are easily fooled into freely handing out information or clicking that link.
Here are some examples of real-world stories that might help convince you of the severity of these attacks:
1. The 100-million-dollar Google and Facebook Phishing scam:
One of the biggest social engineering attacks of all time was conducted by a Lithuanian national who went up against both Facebook and Google. The attacker’s team set up a fake company that posed as a computer manufacturer working with the two companies.
Next, emails were sent to employees, invoicing them for goods and services that another supplier had provided. The group then directed this cash to fraudulent accounts.
2. The SharePoint phishing fraud that targeted remote workers
This very recent phishing attack saw attackers use cloud-based software to request signatures on a document hosted by (apparently) Microsoft SharePoint. The email contained the malicious link, which employees believed to be legitimate because of its appearance. Such criminals are extremely sophisticated in the way they present malicious links, which is why so many people fell victim this attack.
3. The White House Hack
The White House itself fell prey to an attack last year – although the intent was more mischief than malice. Many have tried to access the networks within the White House in the past. On this occasion they were successful. Posing as Jared Kushner, a key member of former President Donald Trump’s team, the UK-based individual was able to secure the private email address of the administration’s cybersecurity chief. If the most powerful office in the world can be breached, it just goes to show that just about any organisation is vulnerable.
The time and dedication put into conducting social engineering attacks makes these scams much more realistic and dangerous for anyone who finds themselves a target.
If you want to start taking the right precautions to protect your business from unwanted attacks, then get in touch with us today or find out more here.