Risk Assessment in Social Engineering

What does a soldier charging into the fight have in common with a soldier that flees from combat? Both of these people have evaluated risk and made decisions based on their assessments. Our safety and well-being largely depend on how appropriately we gauge risks and react to them; this guides much of human behavior and bears relevance to the field of social engineering.

The Rise of Multifaceted Social Engineering Attacks

In an October 2004 report, Gartner indicated the greatest security risk facing large companies and individual Internet users of the next ten years will be the increasingly sophisticated use of social engineering to bypass IT security defenses (Gartner 152). Fast forward ten years, and social engineering attacks not only serve as a costly threat, but they are evolving in ways that make even the most security-conscious people susceptible. In recent times social engineering attacks have become even more dangerous due to their complexity. We are seeing a rise in multifaceted social engineering attacks. These attacks combine a number of […]

Deflate-gate: Analyzing the nonverbals of Belichick and Brady

Many researchers have stated that 50, 60, 70, 80, or even 90% of what we say is nonverbal. What I learned from Dr. Ekman is that you can’t really attach a percentage since it will change due to what is being communicated and how. Regardless, the percentage is very high and many times what we say is the opposite of what we are feeling. Recently there has been a scandal in the NFL dubbed “deflate-gate” where the Patriot QB, Tom Brady, is being accused of knowingly having the footballs deflated below regulation. Both he and the coach held press conferences […]

PHaaS – The Business Value of Phishing as a Service

In 2013, 37.3 million users experienced phishing attacks leading to direct loss and reputational damage. As 2015 opens, phishing attacks continue to plague organizations across the globe with great success, but why? Cyber criminals have figured out how to target the human element of organizations, and they are evolving techniques to use an organization’s own employees as the first point of entry. No company, no matter the size or prestige, is immune to these types of attacks. In 2014, Microsoft employees fell victim to several targeted phishing attacks in which attackers were able to compromise internal email access in addition […]

The Growing Threat Social Engineering Poses to Organizations… Is Your Team Equipped?

This past week, FireEye released its “Hacking the Street” report indicating a group of highly sophisticated attackers exploited Wall Street using social engineering instead of malware or other technical attack vectors. The group, known as FIN4, initiated their attack through information-gathering. They reportedly contacted an array of publicly traded pharmaceutical, health care and biotechnology organizations to pick up Wall Street terminology. The group then used the merger and acquisition lingo in extremely convincing phishing emails to con professionals working in financial services into believing in the legitimacy of the email. The emails were filled with Visual Basic for Applications (VBA) macros […]

Why Do We Care About Social Media

The great thing about the proliferation of social media involves how much more connected we feel as humans. We are, after all, social animals. We share photos of our children, updates about how we’re feeling and funny cat videos. Social media works not because of the technology involved (e.g., Facebook, Twitter, etc.) but because of our innate desire to share things amongst each other. Why is this important to understand? Because social media has changed many of us in very fundamental ways. Because we feel safe behind the polished glass of our computers, we are now more likely to share […]

What Social Engineers Can Learn from the Bobo Doll

As social engineers, it behooves us to have a deep understanding of why people take the actions that they do. Although we’ll probably never have complete insight into another, the topic of today’s blog is observational learning. In short, observational learning is learning that takes place by watching someone else model behavior. This concept was demonstrated by a really interesting experiment conducted by psychologist Albert Bandura in 1961. He found that kids imitated specific aggressive behavior demonstrated by adult models against a Bobo doll.

The Truth about Obligations

Many people probably don’t think about the concept of obligation being an aspect of influence. However, what is obligation? Typically, it’s a feeling based on norms, morals, even manners and roles we play in life. These feelings will often spur action. If we accidentally bump into someone, we feel we should apologize as a polite member of society. Or, as a spouse or parent, we will (hopefully) feel compelled to look after our family members.

Emotions and Motivations

The field of social engineering deals heavily with human motivation. In order to influence people’s behavior and feelings it is useful to be familiar with some basic theories and research on this subject. As motivation is a vast topic, we are only highlighting a few simple ideas and studies in this blog. Emotion can play a large role in the formation of a person’s motivation. When asked by researchers, subjects report a more positive view of their life when it is sunny and a more negative view when it is rainy. Something as simple as the weather can impact perspective […]

RSA 2014: The Wrap Up

Social-Engineer, Inc. loaded up cast and crew to spend the week in San Francisco for RSA 2014. We were an hour into the first day and we knew one thing: we should have brought comfortable shoes and some massive umbrellas. With the venue extending through the entire Moscone Center, there were acres of exhibitors and presentations to see. Our team, although amazing, ended up getting soaked the first day due to some much-needed rain in San Francisco.