The Extent of Social Engineering

Stu Sjouwerman | Aug 30, 2022

Researchers at NordVPN have published the results of a survey that found that 84% of Americans have experienced some form of social engineering, although only 54% have heard of the term “social engineering.” 85% of the respondents said they were aware of the term “phishing,” and 36% said they had fallen victim to a phishing email.

The researchers found that phishing emails are the most common form of social engineering attacks, followed by text message phishing (smishing) and voice phishing (vishing):

  • 48% – Suspicious emails with links and attachments and/or asking for their personal information
  • 39% – Suspicious texts with links and attachments and/or asking for their personal information
  • 37% – Pop-up advertisements that were difficult to close
  • 37% – Suspicious email(s) containing links, attachments or asking them to reply and divulge work/business information
  • 32% – Suspicious email(s) from someone posing as an important person who was asking them to wire them funds
  • 27% – Suspicious voicemail(s) asking the recipient to divulge personal information
  • 26% – A virus on their computer or phone
  • 19% – Malware on their device that redirected them to a fake version of a website

NordVPN offers the following advice to help users recognize these types of attacks.

“The point of a social engineered attack is to get you to follow a link or sign up to something,” the researchers write. “The best way to recognize a socially engineered attack is to analyze the language of the message. Is the language desperate? Does the message imply there’s a time limit to whatever request it’s asking for? Does the message sound urgent? Remember that most banks will never text you and ask for your login credentials. In fact, any text message or email you receive that requests any kind of login details is probably best suited for the trash bin.”

New-school security awareness training can enable your employees to thwart social engineering attacks.

NordVPN has the story.
