
Social Engineering Trends and Insights for Q4: What to Expect in the Fourth Quarter

September 12, 2024

As the year progresses, so do the social engineering scams. We know these scams are on the rise, but what exactly are they, and how do we protect our companies from them? Let’s look at two common social engineering scams we expect to see in the fourth quarter of 2024 and discuss ways to stay secure so we can be prepared.

Business Email Compromise Scams

The FBI states that business email compromise (BEC) scams are “one of the most financially damaging online crimes.” In a BEC scam, malicious actors will send an email purporting to be from a known source, which makes it appear like a legitimate request. The FBI provides the following examples:

  • A vendor your company regularly deals with sends an invoice with an updated mailing address.
  • A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
  • A home buyer receives a message from his title company with instructions on how to wire his down payment.

What are the ways we can protect ourselves from these scams? The FBI provides the following tips:

  • Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling in any correspondence.
  • Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
  • Verify payment and purchase requests in person, if possible, or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the requests.

Vishing and AI Scams

If you have been on the internet in recent months, you have no doubt noticed that AI gets mentioned nearly everywhere. One thing is sure: AI is here, and it is here to stay. AI has even been used in connection with vishing (or voice phishing) scams. Criminals are leveraging generative AI to clone voices and use them in vishing attacks. Reports of attackers posing as family members in need of money have been flooding in. In one instance, an attacker called someone while impersonating their granddaughter. The individual being targeted was so convinced that this was their granddaughter that they gave the attacker their money. Unfortunately, we can expect to see more cases like this. Additionally, these same techniques can be used to impersonate your company CEO, manager, or other employees with privileged access.

What about vishing without the use of AI, though? Is it a threat? We saw this demonstrated in a real-world example with the MGM Resorts cyberattack. This attack, costing MGM over $100,000,000, started with a vishing call to the organization’s help desk. Using information scraped from social media, the attacker posed as an MGM Resorts employee. This attacker was eventually able to leverage this information to gain administrator rights and deploy ransomware. This clearly shows the danger of vishing, even without the support of AI.

Remain Secure

Knowing the above, what can we do to protect our companies from vishing scams? Most importantly, don’t wait for the attack—be proactive and secure your business with our Managed Vishing Service. The experts at Social-Engineer are certified professionals trained to duplicate the tactics of real attackers, which means your team learns to deal with genuine threats.

Testing and training your employees are the primary ways to ensure they are ready for real-world scenarios. Let us help you strengthen your human firewall now, so we are all prepared for quarter four.

Links

https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/business-email-compromise

https://www.social-engineer.com/offensive-security/vishing/

https://www.social-engineer.com/offensive-security/phishing/

https://www.social-engineer.com/business-email-compromise-fraud-social-engineering-news/

https://www.social-engineer.com/vishing-attacks-and-ai/

 
