According to the 2017 Verizon Data Breach Report, 43% of all documented breaches involved social engineering.
With over 130 QIR-certified technicians, Retail Data Systems invests in knowledge of the PCI compliance requirements through PCI Security Standards Council certification courses. We strive to provide the best service and equipment to meet those requirements, while also working hard to understand new threats our clients face in the cyberworld. Security awareness is one of the very first steps on the road to compliance and a crucial part of protecting your business.
Social engineering scams come in all different shapes and sizes. This variety works well for scammers, considering that their targets have different levels of experience and education with technology. If you’ve ever taken a look in your email Spam folder, you have likely seen some obvious examples of phishing attempts. The most common (and comical) tend to be those from estate lawyers writing in broken English, reaching out about a dearly departed and wealthy relative from overseas. Luckily, spam filtering exists to weed out emails like this. But as funny as those attempts may seem, the results of successful attempts are far from humorous.
An example of a more elaborate social engineering scheme began after the IRS website was breached back in 2015. Because scammers had gained access to Social Security numbers and sensitive information on more than 700,000 taxpayers, they were able to construct a remarkably sophisticated story, unlike our spam folder friends. These predators used a tool that spoofed their phone number, making it appear that the call originated from the IRS. Using fake IRS badge numbers, they intimidated their victims with threats of audits, property seizure, and even arrest if “back taxes” were not immediately transferred. They successfully stole money from countless victims, and that money is unrecoverable.
Over the last several years, there has been an increase in social engineering attacks for one reason: they work! As outlined in the Security Through Education blog post “Why Attackers Might Use Social Engineering”: “Social engineering tactics (especially phishing, vishing, and impersonation) are being used, in conjunction with digital hacking methods to make attacks more effective and inevitably more profitable for attackers.”
Because these tactics have worked at such high rates, human error is deemed the largest security threat to any organization. When taking into account the variation in sophistication of social engineering attacks and their end goal, it becomes apparent why cultivating security awareness and protecting proprietary information is so important.