Social Engineering Scams

Social Engineering describes a scheme that targets a small number of potential victims using any combination of the phishing techniques described above in a complex fraud. It could even involve an impersonator showing up in person with the goal of gaining physical access to a system or building. The purpose of Social Engineering is to psychologically manipulate targets into disclosing sensitive information or taking inappropriate actions. Many times, victims have no idea they did something wrong until the fraud is exposed.

 

Cybercriminals’ motives are the same with social engineering scams as with tech support scams. The goal is to motivate a user to complete a form or install something so the attacker can access information or money. One example is an iPhone giveaway, which starts by asking a series of questions on the first page. When the user is 20% done, there is a new questionnaire and then another questionnaire, until the scammers have collected all the user’s confidential information and the user is supposedly just 10% away from getting an iPhone. There’s nothing inherently wrong with these ads because they are legitimate rewards. There is no way to distinguish between legitimate and malicious ads because they are intermingled within the very fabric of internet advertising. One out of 10 ads is malicious, but they are precisely the same as legitimate ones, and there are no files or malware to detect.

Example: Screenshots of iBitcoin frauds that are part of social engineering scams.


