Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Successful Pretexting Attacks Have Nearly Tripled since 2017

    iStock-182365879

    Pretexting attacks are a growing threat to organizations, warn Chris Tappin and Simon Ezard from the Verizon Threat Research Advisory Centre. Verizon’s 2018 Digital Breach Investigation Report shows that 170 data breaches this year were caused by pretexting attacks, compared to 61 in 2017. Tappin and Ezard attribute this rise primarily to poor security policies and a lack of security awareness among employees.

    Pretexting is a targeted, social engineering-based attack in which attackers use continuous dialogue to build a sense of trust with the victim. By creating a fabricated scenario and posing as a senior employee or a trusted vendor, attackers manipulate victims into willingly giving up sensitive information, granting access to systems, or even transferring money. These attacks are surprisingly effective because they target the human element and are often able to compromise systems that have appropriate technical defenses in place.

    Tappin and Ezard believe that security professionals often face “decision paralysis” brought on by the multitude of varied threats to their organizations. They recommend that these professionals focus first on ensuring that basic, fundamental security principles are being followed by employees. Phishing and pretexting are not highly-technical attacks, yet they are among the top ten causes of all data breaches. Even the most sophisticated attackers use these methods because they are so effective.

    Tappin and Ezard say that organizations need to educate their employees about malicious activity and compel them to respond if they see something suspicious. For example, employees should be encouraged to question strange or unexpected emails from their superiors. Pretexting attacks are successful when employees are unaware of the techniques used by attackers. New-school security awareness training can create a culture of security within your organization by ensuring that employees are constantly on the lookout for suspicious behavior.

    CSO has the story: https://www.cso.com.au/article/648201/how-defraud-company-just-ask/

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews