5 Social Engineering Tactics Criminals Are Using
Trusted relationships, online habits, health scares, political strife, inflation worries (pretty much anything that’s in the news!), social engineers can use just about anything as pretext to get you to drop your guard and let the fox into the chicken coop.

Take a few seconds to get an idea of what kind of tactics are being used to take advantage of your usual habits and trusting nature.
1. Malicious QR codes
QR code-related phishing fraud has really taken off. QR codes (those machine-readable, black-and-white matrix codes arranged in a square) have become an increasingly popular way for companies to engage with consumers. Unfortunately, criminals have responded by creating codes that direct victims to malicious websites.
2. Browser notification hijack
Websites have long asked visitors to approve notifications. What was once a useful way to keep people up to date is now also a social engineering tool. These “push” notifications have been weaponized, because scammers know many users will blindly click “yes” to allow them.
3. Collaboration scams
Using this tactic, criminals target professionals in collaborative fields: designers, developers, even security researchers. The lure is an invitation to collaborate on work. The growth of work-from-home has increased people’s comfort with remote collaboration. Typically, the threat actors send a meeting invite containing malicious code.
4. Supply chain partner impersonation
Attacks that exploit parts of an organization’s supply chain are now a big problem. Targeted emails look like they’re from a trusted partner, but are in fact from bad actors posing as employees of those firms.
5. Deepfake recordings
Social engineers are now using deepfakes—startlingly realistic recordings that simulate a specific person’s appearance or voice—to trick victims into divulging information or performing an action that benefits the attacker. In one example, a fake recording of a CEO was used to instruct an employee to immediately transfer money to an international account.
© National Security Institute, Inc.

A Smart Allocation of Resources
Regulatory Compliance
Reduces Human Risk Factor
Well Received by Everyone
Accelerated Security Awareness
Easy to Implement
Concise and To-the-Point
Flexible & Easy to Use
Email the Fully Formatted PDF Newsletter
Deliver SecuritySense micro-training posts instantly by emailing the fully formatted PDF newsletter you receive from us on the first of each month like clockwork.

Upload the PDFs to Your Internal Website
Upload the entire newsletter. Upload individual micro-training posts to call out security issues you want your people to focus on that month.

Paste Our Content Into Your Existing Communications
Use the text version of SecuritySense micro-training posts to supplement other internal communications vehicles.

Integrate HTML into Your Internal Website
Use the HTML version of SecuritySense micro-training posts to easily integrate them right into your internal facing website.