Gretel Egan | March 16, 2015

Risky Business: Social Engineering

Last updated: January 15, 2019


Cons…hustles…frauds…rackets…whatever your preferred terminology, tricks that take advantage of human vulnerabilities fall under the umbrella of “social engineering.” The notion of exploiting someone’s good nature for personal gain is older than Judas and may seem completely disconnected from today’s high-tech landscape. But the reality is that technology only serves to magnify the scope and reach of social engineering scams.

From phishing emails and SMS/text phishing (smishing) messages, to voice phishing (vishing) calls and in-person ploys, social engineering threats are pervasive, persistent, and damaging to individuals and organizations. And technical safeguards are no match for users' poor decision-making in these situations.

The human component is a critical factor on both sides of the equation. On one hand you have scammers who tap into human weaknesses, devising deceptions that seem real and believable. But on the other hand is the fact that these scams have no legs unless the marks allow themselves to be manipulated. It all rides on the targets; without buy-in, there is no success.

We know that employee behaviors can make or break a social engineering attack ... and industry experts agree. The results of a Dark Reading flash poll back in 2014 revealed that 56% of security professionals found lack of employee awareness to be the most dangerous social engineering threat to their organizations. If anything, things have gotten worse since then, with attackers specifically shifting their focus to human exploits rather than technical ones. That’s why it’s so critical to teach users how to recognize scams and react appropriately.


Three Risky Behaviors to Address

We design our interactive assessments and training modules to give employees insights into real-world social engineering attacks, providing hands-on practice that helps users identify and evade traps. Following are three key behaviors our security awareness and training programs can address and improve, reducing risks within your organization:

  1. Clicking without thinking – Phishing emails and smishing texts — even the most believable of the bunch — are nothing without interaction from users. Our assessments and training teach employees how to recognize dangerous messages, how to identify malicious links, and what to do with attachments and forms.
  2. Sharing too much over the phone – How easy is it to pretend to be someone you’re not over the phone? Ridiculously easy. The anonymity offered through voice-to-voice connections is the bedrock of vishing schemes. It’s critical that your employees know the warning signs associated with these types of attacks and the precautions they can take to ensure they don’t reveal sensitive information to unauthorized individuals.
  3. Giving imposters access to secure areas – Many social engineers are confident and brazen enough to execute their attacks in person. We teach your employees how to thwart imposters — including those who present themselves as technicians, vendors, and even coworkers — and how to respond to techniques like eavesdropping and tailgating.
