Social engineering, vishing and scams – three scenarios

Scenario 1

It’s lunchtime and a member of your financial staff, the assistant accountant, is taking his break. He is eating his sandwich while browsing one of his social media profiles. He stops at the post “100 brand new iPhone 6s to first 100 likes: like and share to win your mobile”. He doesn’t think twice: he likes the post and shares it with his closest friends. Too happy about this twist of fate, he doesn’t notice that something has been downloaded to his machine. That’s a social engineering attack.

Scenario 2

The HR manager’s phone is ringing. She answers; the caller claims to be from the bank and asks about a possible data breach that might have made some of her contact details accessible. He asks the HR manager for the username and passwords to the company account, so that he can check that everything is fine. Seeing nothing suspicious because he claims to be from the bank, she gives him the details. That’s a vishing attack.

Scenario 3

The office administrator is booking three plane tickets for a business trip. He usually purchases them on the airline’s corporate website, but today, when confirming the order, he is redirected to a new page. He is suspicious, but the new page doesn’t look different from the rest of the website. So he proceeds with the order, types in the credit card numbers and waits for the confirmation. He doesn’t realise that the new page’s URL doesn’t begin with https. That’s a scam.

Days later:

  • Someone accessed a restricted account using an employee’s login credentials.
  • The monthly bank statement shows a bank transfer to a money transfer agency in China.
  • Your credit card statement shows a purchase for £5,000 in Russia.

You have been breached and robbed.
Could this have happened to you? Yes, it could.
Could these situations have been avoided? Yes, they could.

Spot the bait before it’s too late

The Phishing Staff Awareness course has been developed to educate employees to be alert, vigilant and secure. Using specific terminology and real-life scenarios, it guides staff through the different phishing attacks they might encounter in their daily work, and teaches them how to easily spot the bait and avoid falling in the net. The final 16-question multiple-choice test will assess your staff’s understanding of the topic and, if successfully passed, they will be awarded a certificate. If they fail, they can re-take the test until the pass mark is achieved.

Secure your company boundaries by investing in your staff. Enrol your staff on the Phishing Staff Awareness Course now.

 
