Social Engineering

This past summer we wrote an article about the dangers of social engineering and how to prepare your organization for a socially engineered cyber attack. To reiterate: social engineering is the use of fraud to manipulate individuals into giving up their personal information. Driver’s licenses, passports, medical records, and bank information are all examples of records that social engineers can access to steal information from you.

Why you and your organization should be aware of Social Engineering 

Social engineering can impact your personal data as well as your business’s data. These cybercriminals rely on manipulating individuals, rather than hacking computer systems, to invade a target’s account. Hackers know not to go through protected systems because humans are much easier to break down. They find out any small piece of information and take advantage of human weaknesses to gain access to personal information. That is why it is important for individuals to educate themselves on these cyber risks and the extreme danger they pose to confidential information.

Attack methods

Social engineering attacks come in three types, each using psychological tricks to steal your personal information.

Physical Social Engineering Attacks

Physical social engineering attacks rely on dumpster diving or tailgating. Trash cans, open access to the property, and office receptions are examples of the typical vectors associated with physical social engineering.

Technical Attacks

Technical social engineering attacks rely on password hacking and online profiling. The typical vectors include malware, unsecured network systems, and social media.

Socio-Technical engineering

Socio-technical engineering attacks rely on phishing and watering holes. The typical vectors include emails, social media posts, and compromised websites.

Social media

Social profiling is one of the easiest ways of hacking someone’s account: the attacker gains information from that person to use against them and steal their identity. The problem and its potential impact grew with the popularity of social media platforms; social media users are a gift to social engineers since all their official records are online. For example, a social media post saying “I hate my job” can attract hackers. The post will be noticed and the hacker will personally target the individual. The criminal will pose as a bogus recruitment consultant and extract personal information as a trusted source. These social engineers work profile by profile to build targeted social profiles through analysis of information, social media posts, pictures, and any holidays or birthdays.

Where are cybercriminals investing?

The use of phishing techniques is now very well established in cybercrime, and new techniques are coming out every day when it comes to cyber threats. These techniques include social profiling, fake voices, deep fake voices, and mouth mapping. The growing performance of computer systems has made mimicking specific voices possible. The majority of investment goes into “voice conversion” and “text-to-voice.” Voice conversion involves two voices (the source and the target) and the application of software to convert one voice to another. Text-to-voice conversion allows a mimicked voice to say whatever the user of that software submits via text.

Researchers expect full voice conversion and text-to-voice to be available as services on mobile phones, able to create mimicked voices, in about 3-5 years; this will result in serious economic and political consequences of cybercrime. Mouth mapping is another technique that is becoming popular in cybercrime; it complements existing fake voice technologies and is well suited to political and journalist targets. This technique is also applicable to social media and web conferencing.

A solution to Social Engineering

Social engineering is a crucial component of any written policy on cyber liability protection relating to individuals and companies. With this in mind, make sure you and your organization have cybersecurity awareness training to recognize the specifics of cybercrime and social engineering, including how bits and pieces of information are given to hackers from different users’ accounts without the users even being aware of it. Putting risk management, frameworks, security strategies, and analytics tools into place will take the threat into account.

At Metropolitan Risk, we offer a comprehensive Cyber Risk Assessment to ensure that businesses are protecting themselves from cyber attacks with the best resources possible. Click here if you are still looking for more info or you have any questions. We have a team of Risk Management specialists who are here to help!