5 New Social Engineering Tactics
Criminals Are Using Right Now
Pandemic panic, desperation as income concerns grow and worry over health and wellness have all made it easier for criminals to tap into fear via social engineering attacks. Deepfake video is on the list, see the rest..
1. Malicious QR codes
QR code-related phishing fraud has taken off in the past year. QR codes (those machine-readable, black-and-white matrix codes arranged in a square) have become an increasingly popular way for companies to engage with consumers in the midst of COVID-19. Unfortunately, criminals have responded by creating codes that direct victims to malicious websites.
2. Browser notification hijack
Websites have long asked visitors to approve notifications. What was once a useful way to keep people up to date is now also a social engineering tool. These “push” notifications have been weaponized, because scammers know many users will blindly click “yes” to allow them.
3. Collaboration scams
Using this tactic, criminals target professionals in collaborative fields: designers, developers, even security researchers. The lure is an invitation to collaborate on work. Pandemic lockdowns and the growth of working from home have increased people’s comfort with remote collaboration. Typically, the threat actors send a Visual Studio Project containing malicious code.
4. Supply chain partner impersonation
Attacks that exploit parts of an organization’s supply chain are now a big problem. Targeted emails look like they’re from a trusted partner, but are in fact from bad actors posing as employees of those firms.
5. Deepfake recordings
Social engineers are now using deepfakes—startlingly realistic recordings that simulate a specific person’s appearance or voice—to trick victims into divulging information or performing an action that benefits the attacker. In one example, a fake recording of a CEO was used to instruct an employee to immediately transfer money to an international account.
© National Security Institute, Inc. www.nsi.org
Recent SecuritySense Posts
- 5 Things Crooks Love to See In Your Social Media Profile
- FAQ: Security and the Cloud
- The Ransomware Perfect Storm
- Children More at Risk Online During Pandemic
- Going Back to the Office? You’re a Perfect Target for Phishers
- 5 New Social Engineering Tactics Criminals Are Using Right Now
- April Scam Watch
- Top 4 Emotions Used in Social Engineering
- Security Is Critical to Pandemic Recovery
- Using Instagram Securely
SecuritySense is a subscription service that provides you with concise, easy to understand and easy to read employee cyber security awareness content.
Subscribers receive articles and stories that support your employee security and cyber security awareness training program at a very cost effective price
Protect Yourself & Your Company From Cybercrime
We Make it Easy to Promote Employee Security Awareness Throughout the Company in a Way That’s Well Received by Everyone
Content Needs a Strategy to Work
People pay attention to content they find personally relevant. Learn more about our content strategy
What’s Missing from Your Cyber-Strategy?
Awareness is a state of mind you’re trying to get you company into. Find out what really gets you there. Learn how to persuade people
Compare Our Per Employee Cost
Talk about cost-effective! Compare our per employee annual cost with what you might pay for training platform seat licenses. It’s a no-brainer to add SecuritySense to your program. See pricing