Types and Impact of Social Engineering Attacks

Social engineering refers to the art of manipulating people into performing actions or divulging confidential information. Cybercriminals use platforms such as Facebook, LinkedIn or email to spread malicious links. Social engineering attacks have proven to be a very successful way for criminals to “get inside” your organization.

Content Summary

Types of Social Engineering Attacks
Impact of Social Engineering Attacks
Source

Types of Social Engineering Attacks

Phishing
Email sent under false pretenses to trick users into supplying attackers with their login credentials. Types of Accounts Phishers Target:

  • Financial Services: 37%
  • Global Internet Portals: 26%
  • Social Networking Sites: 17%
  • Telephone & Internet Service Providers: 7%
  • Other: 13%

Spear Phishing
A targeted phishing email. 91% of the most advanced attacks start with a spear phishing email.

Vishing (Voice Phishing)
Calling a target pretending to be a person of authority, such as an IT supervisor, to pump someone for credentials or important information. UK banks alone lost £21 million from vishing attacks in 2014.

Smishing (SMS Phishing)
Phishing messages sent through text messages rather than email. 200 million SMiShing messages are sent worldwide every day.

Mining Social Media
Learning more about targeted people through social media in order to build better phishing lures. Between 52 million and 97 million Facebook accounts are fake or duplicate accounts.

Man-in-the-Middle Attacks
The attacker impersonates a company by hijacking an SSL connection between a browser and a legitimate web server by exploiting a server-side vulnerability. Just a single rogue DNS attack in 2014 targeted all of the customers at over 70 financial institutions.

Man-in-the-Browser Attacks
Same principles as Man-in-the-Middle, only exploiting vulnerabilities in the browser itself. 90% of enterprises are exposed to man-in-the-browser attacks.

Impact of Social Engineering Attacks

  • Over a third of phishing attacks target users of financial services.
  • Losses associated with security incidents in the finance sector increased by 24% in 2014.
  • Financial services encounter security incidents 300% more frequently than other industries.
  • 48% of companies say social engineering attacks cost them more than $25,000 per incident, but only about a quarter of companies do ongoing training to prevent social engineering attacks.

Source

Comodo SSL Store: What is the Best Way to Stay Safe from Phishing?