Phishing, by definition, involves sending fraudulent communications, most commonly emails,
that appear to come from a known, trusted source. The goal is to steal sensitive data like
passwords, credit card numbers, or other personal information. Phishing emails often look
convincing, fully replicating the typical appearance of a company’s email and usually include
urgent calls to action, such as clicking a link to reset a password or confirm account details.

There are various tactics such as spear phishing, which targets specific individuals or
organizations, using personal information to make the message more convincing; whaling, which
targets high-profile individuals within an organization, such as executives, aiming to access
confidential company information; and clone phishing, which involves duplicating an authentic
email conversation and replacing the links or attachments with malicious content.

Social engineering goes a step beyond phishing, involving sophisticated manipulation of people
to get them to voluntarily perform specific actions or disclose confidential information. This
approach exploits people’s natural tendency to trust and often their insufficient awareness and
knowledge of threats. Social engineering usually involves creating a false but convincing
scenario to steal information. For example, an attacker may pose as an IT technician, offer false
promises or rewards, propose business deals, or use similar ruses to persuade the victim to share
confidential information.

This type of attack is now significantly more dangerous because attackers can use genuine
personal information gathered from social media and other sources to craft convincing
messages, and they often exploit current events, such as global pandemics, to create messages
that prompt victims to take urgent action.

The key to preventing these threats is education. Verifying the source of an email, call, or
message, checking the URLs of websites, and similar practices should become habitual,
especially when the communication requests personal data, urgent action, and so on.
Multi-Factor Authentication (MFA) is also a useful tool because it makes it harder for
attackers to gain access even if they manage to obtain a password through these methods.
Raising awareness and encouraging caution and proactive behavior in response to any suspicious
activity encountered in cyberspace can significantly reduce the success rate of such attacks.
Nina Pe