According to Verizon’s 2018 Data Breach Investigations Report, social engineering represents 93 percent of email breaches. While social engineering and spear phishing attacks have malicious intent to get something from the user, they are built differently from other attacks. They don’t have anything malicious attached to them, making them difficult to detect and often successfully passing through traditional email security gateways.
Social engineering attacks are evolving
There are numerous examples of social engineering attacks that have changed to deceive end-users, including:
- Brand impersonation, where users are asked to reset their credentials on a spoofed page.
- Business email compromise (BEC), where the “CEO” is asking for gift cards to be sent to an external or unfamiliar address.
- Distracted emailing, where attackers send malicious emails at busy times, such as during the morning commute, when users may not carefully or fully read emails before responding or interacting.
The list of potential social engineering threats goes on and continues to grow.
Layering security is a best practice for protecting inboxes. However, no matter the amount of technical controls over our email, MSPs and their clients must always be prepared for a social engineering attack to land in a user’s inbox.
How the user interacts with the attack will depend on how well they are trained to spot, avoid, and report these threats. A security awareness training program educates users to understand these types of attacks and will turn these users from a potential liability into an additional layer of defense.
For tips on for creating an effective security awareness training program, join Barracuda MSP for an upcoming webinar on March 12th at 2:00 PM (ET). During this webinar, attendees will learn the components of a security awareness program, new compliance regulations, how to understand the components at play, how to mind your vectors, define your workflow, and more. Learn how to better protect your end-users from social engineering attacks.
Photo: wk1003mike / Shutterstock