Cybercriminals targeted Star Wars fans in a recent phishing campaign designed to steal credit card data by enticing fans with an early movie screening.
On the premise that the best defense is understanding the real nature of the offense – or, in this case, offenses, since cyber security addresses a multi-front battleground – it’s useful to think in terms of concentric circles, broad steps any small or midsize business can take to maximize safety.
Do you know who is calling you? In many cases, employees rely on caller ID or a familiar name, which allows callers to build trust and potentially exploit them. Vishing (or social engineering) is a practice where verbal communication is used to deceive a potential victim.
As companies increase their cybersecurity defenses, fraudsters are now targeting call centers with easily obtained and plentiful personally identifying information, and they are sharing it too.
When it comes to cybersecurity, no doubt humans are the weakest link. No matter how many layers are added to your security stack, nor how much phishing education and awareness training you do, threat actors continue to develop more sophisticated ways to exploit the human vulnerabilities with socially engineered attacks. In fact, as security defenses keep improving, hackers are compelled to develop more clever and convincing ways to exploit the human attack surface to gain access to sensitive assets.
Much like It (the clown), phishing goes by many names, has become much more adept at preying on the hopes and fears of individuals, and is growing rapidly as criminals learn which techniques are most effective.
Cyber criminals are now using sophisticated social engineering techniques to target employees and trick them into handing over funds and divulging sensitive corporate data. Luckily there are a number of steps organizations can take to protect themselves and their employees from this increasingly popular and successful form of threat.