Report shows increase in social engineering

Proofpoint’s The Human Factor 2018 Report revealed that over the past year, cyber criminals have continued to increase their use of social engineering, building up the number of attacks that rely on human interaction.

Social engineering is at the core of many of today’s attacks, seeking to exploit the curiosity of unsuspecting users. Common tactics include creating a sense of urgency, impersonating trusted brands, seeking to exploit natural curiosity and taking advantage of frequent events such as software updates. These simple techniques are used daily and continue to work in emails and on social media.

The report found that about 55% of social media attacks that impersonated customer-support accounts specifically targeted the customers of financial services companies. Furthermore, 95% of observed web-based attacks that featured ‘fake browser’, ‘plugin updates’ or similar within malvertising campaigns, incorporated social engineering to trick users into installing malware.

Key findings

  • Dropbox was revealed as the top lure for phishing attacks. There were twice as many phishing messages sent using Dropbox compared to the next popular method.
  • Although Dropbox was the top lure for phishing attacks, DocuSign attacks received the highest click rates – five times higher than the average click rate for the top 20 lures. This demonstrates that volume does not necessarily equate to effectiveness.

The human factor

As threats continually evolve in sophistication and volume, one thing remains constant – the human factor. It is now more important than ever to train your staff on the risks of phishing attacks.

Organisations need to educate their staff to be alert, vigilant and secure. One click from an unsuspecting or curious user could infect your whole organisation and severely damage your reputation.

Our Phishing Staff Awareness E-learning Course helps employees identify and understand phishing scams, explains what happens when people fall victim and shows them how to mitigate the threat of an attack.

Find out more about phishing >>

Leave a Reply

Your email address will not be published. Required fields are marked *