2019/10/30 IT & Cyber-Security Solutions 1332 visit(s)
Exploiting human instincts seems to be the easier way for cybercriminals to achieve their goals nowadays. The constant rise of social engineering (phishing, spoofing, business email compromise… etc.) is a great proof of this fact.
Logically, relying on human interaction makes a great alternative to targeting systems and infrastructures. If hackers had the potential to succeed by only using some tricks to install malware, initiate fraudulent transactions and steal data, why would they always bother to use more complicated methods?
However, cybercriminals would constantly make attempts to exploit system vulnerabilities from time to time even though it’s not their favorite way to attack a business. From their side, the much simpler way to infiltrate networks and systems is by targeting the humans connected to them through deceitful tactics and other means.
At the same time, these criminal methods make things much harder for SMBs doing nearly everything possible to protect their networks and systems.
While there are numerous attack vectors hackers can use to gain access to networks and systems, the top one, by far, is email.
Phishing campaigns are growing, especially those seeking email credentials from their victims. The study found this type of generic email harvesting accounted for nearly 25 percent of all phishing schemes in 2019.
Hackers are also using imposter attacks, which primarily rely on identity deception techniques, to siphon money from their intended targets — and the numbers are staggering.
Imposter scams, in general, are effective. Here are the numbers: Consumers reported losing a total of nearly $488 million to several types of imposter scams in 2018, according to the Federal Trade Commission (FTC).
Back in 2016, the FBI released data on the effectiveness of imposter emails. The agency learned that over several years, these attacks collected $2.3 billion by exploiting more than 17,000 victims.
These attacks were common in a variety of industries throughout 2018, including engineering, automotive, and education, but in 2019, a shift toward financial services, healthcare, and retail began, according to the report.
Businesses of all sizes are potential targets for imposter threats. Cybercriminals aren’t only using these attacks on larger organizations; they’re targeting SMBs, too, the report found.
By targeting humans, cybercriminals are exploiting instincts, many of which will help drive millions of dollars into the hands of threat actors — who will be sure to continue their efforts in the future.
First of all, you need to be wary of the information you and your employees reveal online. According to Proofpoint’s report, employees typically have larger digital footprints than others. The identities of 36 percent of employees are frequently attacked by cybercriminals because they can easily be found online (via corporate websites, social media, publications, and elsewhere). The report also suggests that the contact information for these identities is typically available in more than one place.
Unbelievably, executives revealing limited or zero information about themselves online aren’t targeted as much by cybercriminals. It’s a lot more difficult for threat actors to find contact information for these high-level executives. Only 7 percent of their email addresses can be found online, according to the study; however, of high-profile individuals who are more likely to be targeted by cybercriminals, 23 percent of their email identities can be found by simply using Google search.
After gathering the data, cybercriminals are attacking employees in a variety of ways. We’ve pointed them out in a recent blog.
You might also want to check out our blog titled: 5 Essential Cyber-security Strategies You Should Know About and Top Signs of a Spam Email & How To Stay Safe
Having an Email security is essential to protect users across multiple devices. As a strategic Cisco partner in Saudi Arabia, Ctelecoms provides a superior Cisco Email security solution to empower Saudi businesses to proactively eliminate all social engineering attacks (phishing, spoofing, spam, malware, spyware, business email compromise, and more.)
You can also explore our extensive range of IT and security solutions.
To learn more about how we can help you boost your security posture to its highest levels, get in touch with Ctelecoms team.