A recent poll carried out by BSI highlighted phishing as the most frequent organization hack for 59 per cent of respondents. This was followed by malware at 44 per cent, web hack at 21 per cent, credit card hack at 18 per cent and wireless compromise at 12 per cent. For Cyber Security Month, BSI’s cybersecurity and information resilience team is focused on supporting organizations and individuals across industry sectors to raise awareness and mitigate the risks of social engineering techniques.
Social engineering techniques are becoming increasingly sophisticated and are being used to trick individuals into divulging confidential information or taking an action that may not be in their best interest. Understanding and being aware of the social engineering techniques attackers use is vital for everyone. Here BSI outlines the seven most common techniques currently being utilized:
- Phishing – This is the most prolific form of social engineering and is becoming increasingly sophisticated. It is a fraudulent attempt in which the attacker endeavors to steal personal or sensitive information by pretending to be a well-known or trusted contact of the victim, such as a colleague, bank, utility company, or government department.
- Spear phishing – This is where an attacker targets a specific individual of value within a business sector, company, or department and researches the target extensively to maximize their chances of success. This can include obtaining specific knowledge about the individual and their organization through research, social media profiles, or other publicly available information.
- Whaling attack – This is seen as a ‘big fish capture’ with the email designed to masquerade as a ‘critical’ business email containing highly confidential information. It is sent to upper management, claiming to be from a legitimate authority. This sophisticated phishing attack is used to steal confidential information, personal data, access credentials, and specific high value economic or commercial information.
- Smishing (SMS phishing) – Potentially the most financially damaging attack type, this popular technique is carried out on mobile phones: a scammer sends a text message purporting to be from a reputable company that encourages the victim to pay money out or click on suspicious links.
- Voice phishing (vishing) – Scammers use this phone social engineering technique to gain access to personal and financial information by pretending to be a co-worker, bank official, a person of authority, or trusted individual. Typically asking to confirm identity information, this technique is used to steal credit card information and relates to identity theft.
- Business Email Compromise (BEC) / Email Account Compromise (EAC) – Attackers identify and research a target organization, send spear-phishing emails or calls to a victim, and convince them to perform legitimate business transaction
- Baiting (or physical baiting) – This is a wide-scale attack using online adverts, websites, or even memory sticks left in visible places. The adverts can include offers too good to be true or urgent warnings. Once the victim clicks through or opens the memory stick, a pop-up appears, tricking the user into giving personal information or presenting a link that can result in a malware download.
Adam Hall, Senior Consultant – Cyber, Risk and Advisory at BSI explains: “Social engineering has escalated over the last few months and continues to rise day by day. With October being Cyber Security Month, we wanted to focus on raising awareness and educating on how to identify various threats to help improve the security postures of employees across all industry sectors as well as the wider community.”
“Our advice is to always think before you click; if it sounds too good to be true, it probably is. Be aware of current phishing campaigns and the tone of an email, and be particularly aware when it requests usernames and passwords or when it uses impersonal phrases. Always check if the sender’s address and the URL link match the company: roll the mouse over the link to see what the website is. If you have any doubt about the legitimacy of an email or any of the above technique scenarios we have highlighted, do not give out any information or open the email. Contact the individual directly by phone (using the advertised company phone number) to check for authenticity and report it to your IT department or relevant authority.”
Additional details on social engineering techniques and advice on identifying suspicious emails can be found here.
The Consulting Services team at BSI provides an expansive range of solutions to help organisations address challenges in cybersecurity, information management and privacy, security awareness, and compliance. For more information visit bsigroup.com/cyber-ie
