5 Social Engineering Tactics Criminals Are Using

Trusted relationships, online habits, health scares, political strife, inflation worries (pretty much anything that’s in the news!): social engineers can use just about anything as a pretext to get you to drop your guard and let the fox into the chicken coop.

Take a few seconds to get an idea of what kind of tactics are being used to take advantage of your usual habits and trusting nature.

1. Malicious QR codes

QR code-related phishing fraud has really taken off.  QR codes (those machine-readable, black-and-white matrix codes arranged in a square) have become an increasingly popular way for companies to engage with consumers.  Unfortunately, criminals have responded by creating codes that direct victims to malicious websites.

2. Browser notification hijack
Websites have long asked visitors to approve notifications.  What was once a useful way to keep people up to date is now also a social engineering tool.  These “push” notifications have been weaponized, because scammers know many users will blindly click “yes” to allow them.

3. Collaboration scams 

Using this tactic, criminals target professionals in collaborative fields: designers, developers, even security researchers. The lure is an invitation to collaborate on work.  The growth of work-from-home has increased people’s comfort with remote collaboration.  Typically, the threat actors send a meeting invite containing malicious code.

4. Supply chain partner impersonation 

Attacks that exploit parts of an organization’s supply chain are now a big problem.  Targeted emails look like they’re from a trusted partner, but are in fact from bad actors posing as employees of those firms.

5. Deepfake recordings

Social engineers are now using deepfakes—startlingly realistic recordings that simulate a specific person’s appearance or voice—to trick victims into divulging information or performing an action that benefits the attacker.  In one example, a fake recording of a CEO was used to instruct an employee to immediately transfer money to an international account.

© National Security Institute, Inc.

Email the Fully Formatted PDF Newsletter

Deliver SecuritySense micro-training posts instantly by emailing the fully formatted PDF newsletter you receive from us on the first of each month like clockwork. 

Upload the PDFs to Your Internal Website

Upload the entire newsletter. Upload individual micro-training posts to call out security issues you want your people to focus on that month. 

Paste Our Content Into Your Existing Communications

Use the text version of SecuritySense micro-training posts to supplement other internal communications vehicles. 

Integrate HTML into Your Internal Website

Use the HTML version of SecuritySense micro-training posts to integrate them directly into your internal-facing website.