As the rise of technology continues society is seeing more deep technology adopted, such as cryptocurrency ETFs accepted, and more AI tools used across industries. The downside is that the extension of technology increases the risk of cybercrime.
Social engineering is the most common and successful method an attacker will use to gain access to private information. Social Engineering is a technique used by scammers to gain access to a user’s credentials by eliciting the information directly from the user. This is usually done by pretence, with the scammer posing as an authority or credible figure.
Researchers at Coin Insider have identified and analysed the need-to-knows about Digital Journal readers for avoiding social engineering attacks.
To highlight this, the IBM Cost of a Data Breach report notes that globally $4.5 million was lost due to data breaches through social engineering techniques. Here, the U.S. is hit hardest, with the highest data breach cost.
Phishing and stolen (or compromised) credentials were the two most common initial attack vectors. The number of unique phishing sites detected worldwide is at 1.35 million.
Most phishing sites targeted financial institutions, looking to gain inside access. The main channel phishing scams operate through SMS (76 percent), webmail, and web-based software (18 percent). Most scams are through social engineering, which relies on a manipulation of a person’s ability to trust.
The research reveals two types of valuable information that a malicious entity might seek out:
Type 1 (valuable information):
- Personal Identifiable Information (PII)
- Parental Personal Identifiable Information (PPII)
- Protected Health Information (PHI)
- Free Application for Federal Student Aid (FAFSA)
- Financial Information (FI) Employment Information (EI)
- Institutional Partnership Information (IPI) Intellectual Property / Academic Research
- 3rd Party Vendor Information Payment Card Information (PCI)
Type 2 (open source intelligence):
Full Name (First, Last, Middle) Job title & role
Monitor/review social media accounts Monitor personal & institutional news feed
Explore old versions of websites Public directory (phone & email)
Google map & satellite imagery Public photos (Flickr, Google Images, etc.)
An attacker can use Type 2 information to construct an authoritative identity and can engage with you in a manner in which you’ll trust because it feels as if they are who they say they are or a person you know.
