According to the latest fraud report from RSA, all four of the documented fraud attack methods use some form of social engineering to trick victims into giving up their money.
The latest RSA Quarterly Fraud Report for Q1 2019 focuses on the methods used by cybercriminals to eventually commit fraud. With the intent to turn an attack quickly into money (so the goal isn’t to obtain credentials, steal data, encrypt files, etc. but to collect banking or credit card information), these attacks directly hur an organization’s wallet.
According to the report, the following 4 fraud attack types dominate:
But what’s interesting is the definitions of each attack type; in all four cases, some form of social engineering is at play – whether the use of false pretense, brand impersonation, or as part of phishing/vishing/smishing scams. This single fact demonstrates the power of using context, timing, and victim familiarity as part of an attack intent on committing fraud.
The report data also shows that social engineering is a viable tool, regardless of the medium; the report represents attacks via mobile, social media, online content, email, phone, and text.
Organizations need to prepare their users for these crafty schemes. Continual use of Security Awareness Training empowers users to keep up the latest social engineering tactics, learn how to spot them in the wild, and why it’s critical that they remain vigilant to protect both their personal interests and the interests of the organization.