Retail is Unprepared for Social Engineering

The latest data from SecurityScorecard shows the retail industry’s security stance is at an all-time low, and is particularly susceptible to social engineering attacks.

The retail industry is one of a few primary targets for cybercriminals – it ranks fourth (behind financial, healthcare, and government), according to a Carbon Black report. Credit card data is accessible using RAM scrapers (the number 2 data breach method used, according to the 2018 Verizon Data Breach Investigations Report).

More importantly, users at store locations can be easily phished or vished via social engineering tactics. Cybercriminals pose as a member of IT or management to take advantage of store employees’ willingness to comply with a call from “corporate”. The reason an emphasis needs to be put on social engineering is that malware (like RAM scrapers) can’t get installed without first tricking the user.

And, to make matters worse, retailers are adopting new payment and digital technologies to remain competitive, which only makes them a bigger target for cybercriminals.

So, it makes sense that Retail should have its security strategy ready to fight against social engineering-based cyber attacks, right?


According to SecurityScorecard, the Retail industry’s security rating ranked dead last in comparison with other industries. "This year the retail industry's security posture fell lower than in years past, both in application security and social engineering," said Fouad Khalil, head of compliance at SecurityScorecard.

What Retail needs is to put every user – both at corporate and in storefronts – through Security Awareness Training to educate users on the social engineering tactics used, how to spot them, and how to avoid becoming a victim. Security Awareness Training empowers users to become part of the security strategy, elevating Retail’s preparedness, and lifting it from being the most ineffective industry when it comes to security.

Phishing Security Test

We've got something really cool for you: the new Phishing Security Test v3.0!

Sending simulated phishing emails is a fun and effective cybersecurity best practice to patch your last line of defense… your users.

Find out the Phish-prone percentage of your organization with our free updated Phishing Security Test that now includes our New Industry Benchmarking. See where you stack up! Industry Benchmarking enables you to compare your organization’s Phish-prone percentage with others in your industry.

Find out how you are doing compared to your peers and see the difference 12 months can make after using the integrated KnowBe4 Simulated Phishing and Security Awareness Training platform!

With Our Updated Phishing Security Test:

  • You can customize the phishing test based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry


The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately. There is no cost.

Get Your Free PST Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:
