According to Verizon's Data Breach Investigations Report, 74% of security breaches are the result of successful social engineering attacks, bugs, abuse, and other human weaknesses. Also in many companies.
A little good news: In the previous year, 82 percent of security breaches were recorded. But 74 percent stay according to Verizon's Data Breach Investigations Report Social engineering attacks. The most successful attack method with 50 percent is pretexting, i.e. a social engineering activity with a specific pretext as the trigger. This is a double increase compared to last year.
Phishing, phishing, phishing
Pretexting is a kind of "evergreen" of these reports, which, however, also illustrates the threat potential of this social engineering variant. The most common form is phishing, more specifically email phishing. In the subject and in the address of the alleged victim, contact is made under a pretext.
Depending on the type of pretexting, the conversation starter is sometimes more, sometimes less specifically aimed at the recipient. Classic strategies for victims in the corporate environment are CEO fraud, business e-mail compromise, IT support requests or an alleged external or former employee who needs support. Depending on the recipient or their social media presence, the boundaries between professional and private levels can become blurred.
The simplest attacks are always successful
The results of the report once again confirm how successful the basically simple means of cybercriminals are. In addition, most of these activities are intended to cause financial harm to the victim. The problem remains that despite continuously improving email filters and professional endpoint protection, attackers still manage to bypass protection mechanisms and send such emails to selected victims.
The technological revolution surrounding ChatGPT and other AI language models is accelerating this trend, as content can be created faster and more precisely targeted to the recipient.
Do you have a moment?
Take a few minutes for our 2023 user survey and help make B2B-CYBER-SECURITY.de better!You only have to answer 10 questions and you have an immediate chance to win prizes from Kaspersky, ESET and Bitdefender.
Here you go directly to the survey
Pretexting is supported by ChatGPT
No technology can stop pretexting as cybercriminals are always finding new ways to bypass security controls. For this reason, at least companies should prepare their employees for these threats. This is achieved with security awareness training. However, only if they are well done and reflect the everyday life of the employees. It is therefore advisable to put together an entire program with varied content in order to continuously train the latest pretexting attempts with playful approaches but also with simulated phishing e-mails.
More at Knowbe4.de
About KnowBe4 KnowBe4, provider of the world's largest platform for security awareness training and simulated phishing, is used by more than 60.000 companies around the world. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new approach to security education. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped develop the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.