5 New Social Engineering Tactics Criminals Are Using Right Now

Pandemic panic, desperation as income concerns grow, and worry over health and wellness have all made it easier for criminals to tap into fear via social engineering attacks. Deepfake video is on the list; see the rest below.

1. Malicious QR codes 
QR code-related phishing fraud has taken off in the past year.  QR codes (those machine-readable, black-and-white matrix codes arranged in a square) have become an increasingly popular way for companies to engage with consumers in the midst of COVID-19.  Unfortunately, criminals have responded by creating codes that direct victims to malicious websites.

 

2. Browser notification hijack  
Websites have long asked visitors to approve notifications.  What was once a useful way to keep people up to date is now also a social engineering tool.  These “push” notifications have been weaponized, because scammers know many users will blindly click “yes” to allow them.

 

3. Collaboration scams 
Using this tactic, criminals target professionals in collaborative fields: designers, developers, even security researchers. The lure is an invitation to collaborate on work.  Pandemic lockdowns and the growth of working from home have increased people’s comfort with remote collaboration.  Typically, the threat actors send a Visual Studio Project containing malicious code.

 

4. Supply chain partner impersonation 
Attacks that exploit parts of an organization’s supply chain are now a big problem.  Targeted emails look like they’re from a trusted partner, but are in fact from bad actors posing as employees of those firms.

 

5. Deepfake recordings
Social engineers are now using deepfakes—startlingly realistic recordings that simulate a specific person’s appearance or voice—to trick victims into divulging information or performing an action that benefits the attacker.  In one example, a fake recording of a CEO was used to instruct an employee to immediately transfer money to an international account.

© National Security Institute, Inc. www.nsi.org

 

SecuritySense is a subscription service that provides you with concise, easy-to-understand and easy-to-read employee cyber security awareness content.

Subscribers receive articles and stories that support your employee security and cyber security awareness training program at a very cost-effective price.

 
