Social engineering attacks have been on the rise in the last year, and staying a step ahead of cyber criminals continues to tax the resources of midmarket IT teams. These specialized phishing attacks have a high rate of success and continue to catch users off guard.
Social engineering attacks, most commonly distributed via email, are disguised to look as though they come from someone the target knows, such as a boss, a fellow employee, or a relative. These attacks have also been sent through social media, such as Facebook messages, and even through phone calls.
Messages typically carry outgoing links to malicious websites that ask the user to enter sensitive information, such as an account name and password. Successful messages use attention-grabbing subject lines involving topics like bonuses or firings. When a message appears, at a quick glance, to come from a valid source and to be business related, users are less likely to check for signs that the link is malicious or to go through the proper precautionary steps.
Another tactic cyber criminals employ works alongside valid messages the target expects to see. For example, an attacker might request a password reset for a user's ID, or enter wrong passwords with that ID until a reset is forced. The user receives a genuine password reset email, as they normally would, and the attacker then sends a message that appears to come from the company's IT department with a fake explanation of what happened. That message promises the issue can be fixed if the target provides the code from the reset email, which in fact gives the attacker full access to the account. A busy employee might not think twice before handing it over.
Taking protective measures
Socially engineered attack messages are constructed differently from more obvious spam messages, and spam filters have trouble catching them because they are carefully designed to look legitimate. Adding filter rules to block potentially suspicious messages can help, but keeping those rules current takes dedicated resources, such as using machine learning to look for new patterns.
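As an added illustration of the kind of filter rule the paragraph above refers to (this is example code written for this page, not a product or a tool the article describes), the script below scores a message on the traits the article names: a display name that matches a colleague but a sender address that does not, a lookalike of the company domain, a bait subject line about bonuses or firings, a link to an external site, and a body that asks the reader to hand over a code or password, as in the password reset scam described earlier. The company domain, the staff directory and the three sample messages are all constructed for the example; the scoring weights and the flag threshold are assumptions a real deployment would tune.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed organisation data (assumed for this example, not from the article).
INTERNAL_DOMAIN = "example.com"
KNOWN_STAFF = {
    "Dana Reyes": "dana.reyes@example.com",
    "IT Support": "helpdesk@example.com",
}
# Subject bait the article names (bonuses, firings) plus common urgency cues.
BAIT_TERMS = ("bonus", "fired", "terminat", "urgent", "action required", "password reset")
# "reply/send/provide/enter ... code/password" within a short span of text.
CODE_REQUEST = re.compile(r"\b(reply|send|provide|enter)\b.{0,40}\b(code|password|passcode)\b", re.I | re.S)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
FLAG_THRESHOLD = 4  # assumed cut-off; tune against real mail volume


def edit_distance(a, b):
    """Plain Levenshtein distance, inlined to avoid a dependency."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_internal_host(host):
    host = host.lower()
    return host == INTERNAL_DOMAIN or host.endswith("." + INTERNAL_DOMAIN)


def score_message(msg):
    """Return (score, reasons) for a dict with 'from', 'subject' and 'body' keys."""
    score, reasons = 0, []
    display, addr = parseaddr(msg["from"])
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1]

    # 1. Display name of a known colleague, but not the address on file for them.
    expected = KNOWN_STAFF.get(display.strip())
    if expected and addr != expected:
        score += 3
        reasons.append(f"display name '{display}' does not match {expected}")

    # 2. Sender domain is a near-miss of the company domain (e.g. a digit for a letter).
    if domain != INTERNAL_DOMAIN and edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        score += 2
        reasons.append(f"lookalike sender domain {domain}")

    # 3. Bait subject line.
    if any(term in msg["subject"].lower() for term in BAIT_TERMS):
        score += 1
        reasons.append("bait subject line")

    # 4. First link that points outside the company.
    for url in URL_RE.findall(msg["body"]):
        host = urlparse(url).hostname or ""
        if not is_internal_host(host):
            score += 2
            reasons.append(f"external link to {host}")
            break

    # 5. Body asks the reader to give up a code or password.
    if CODE_REQUEST.search(msg["body"]):
        score += 2
        reasons.append("requests a code or password")

    return score, reasons


def triage(messages):
    """Messages at or above the threshold, as (subject, score, reasons), for an analyst queue."""
    flagged = []
    for m in messages:
        score, reasons = score_message(m)
        if score >= FLAG_THRESHOLD:
            flagged.append((m["subject"], score, reasons))
    return flagged


# Constructed sample messages: two phishing attempts and one legitimate note.
SAMPLE_MESSAGES = [
    {"from": "Dana Reyes <dana.reyes@examp1e.com>",
     "subject": "Q4 bonus - action required",
     "body": "Sign in at http://examp1e-portal.com/login to confirm your bonus."},
    {"from": "IT Support <helpdesk-team@mail-secure.net>",
     "subject": "Password reset issue on your account",
     "body": "A password reset was triggered on your account. Reply with the code you just received and we will fix it."},
    {"from": "Dana Reyes <dana.reyes@example.com>",
     "subject": "Lunch next week?",
     "body": "Agenda is at https://intranet.example.com/agenda"},
]

if __name__ == "__main__":
    for subject, score, reasons in triage(SAMPLE_MESSAGES):
        print(f"[{score}] {subject}: {'; '.join(reasons)}")
```

The first sample trips four rules (impersonated display name, lookalike domain, bait subject, external link) and the second trips three (impersonated "IT Support", a password-reset subject, and a request to reply with the code), while the genuine message from the real address with an intranet link scores zero. Rules like these are cheap to run and easy to explain to the analyst who reviews the queue, but each one is also easy for an attacker to sidestep, which is why the article's point about dedicated resources and pattern learning stands.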
The real goal of these messages is to take advantage of unsuspecting users by tricking them into letting their guard down. Keeping employees informed about what these attacks are and how to identify them is a good step toward keeping your company protected. Even security professionals have been fooled by these attacks, however, so this approach is not bulletproof.
If you need one quick, effective step to fight these attacks, raise awareness of them among your IT and security teams. These are the employees who can view and control messages that users have already received and take action accordingly. The influx of messages will still demand some level of automation to deal with, but these staff have a very effective reach in fighting off attacks your other employees might miss.