Depending on the country, the sector of activity and the people targeted, social engineering accounts for between 70% and 90% of cyber-attacks. Therefore, we would like to remind you once again what exactly it is, so that you can be prepared and recognize any fraudulent communication in time.
What is social engineering?
It is a set of cyberattack techniques and methods used by cybercriminals to deceive users. The most common is the impersonation of a trusted contact or entity (e.g. a manager, a bank, a public entity or any other trusted person). This makes it easier for us to make a mistake and provide confidential information, personal data or even access routes (e.g. links to internal resources or platforms, passwords, documentation, etc.).
In addition, because the cybercriminal contacts the User directly (in both the professional and personal spheres), they avoid detection by some of the security software that protects the computer systems of organizations (antivirus and firewall).
A cybercriminal who uses social engineering may be motivated by various interests:
- To easily get hold of passwords to access platforms, applications, mailboxes and other technologies used.
- To install a virus or malware through infected links or attachments, for which the User has to click on them or download them.
- To blackmail the company by sending a threatening communication and asking for an amount of money in exchange for regaining control over the information, preventing stolen data from being leaked, or preventing the cybercriminal from damaging systems or deleting data from them.
How can we avoid it? We will be analyzing it in the coming weeks, as we explain the different techniques (Phishing, Vishing, Smishing) and give you specific recommendations for each of them.
Until then, the general rule of thumb is to be wary of any unusual communication and to “double check”, i.e. cut off the conversation and contact the alleged sender by other official means to ask if what is being requested is real.
IMPORTANT NOTE: If you have the slightest suspicion about a communication or believe you may have been the victim of a cyberattack, do not hesitate to report it to your line manager, the CISO Security Manager and the IT department, so that they can advise you appropriately. On a personal level, report the cyberattack to the police authority.
*Shipment date: March 17, 2025

