5 old social engineering tricks employees still fall for, and 4 new gotchas | #malware | #ransomware

Blame it on pandemic fatigue, remote work or just too much information, but employees appear to be lowering their guard when it comes to detecting social engineering tricks. Attackers were more successful with their social engineering schemes last year than they were a year earlier, according to Proofpoint. More than 80% of organizations suffered a successful email-based phishing attack in 2021, according to a survey of 3,500 professionals. That’s a 46% jump from 2020.

“So many people, especially today with all the distractions and noise of the world, are on autopilot – just going through the motions,” says Kevin Beaver, principal consultant at security firm Principle Logic. “Their subconscious mind has taken over making what are often critical decisions. The bad guys know they have the upper hand.”

A study by researchers at Stanford University found that about 88% of all data breaches are caused by an employee mistake. Nearly half of employees (45%) cited distraction as the top reason for falling for a phishing scam, and 57% of remote workers admit they are more distracted when working from home. The top reasons for clicking on phishing emails are the perceived legitimacy of the email, or that it appeared to have come from a senior executive or a well-known brand.

The consequences of a breach caused by human error are bigger than ever.  Proofpoint identified nearly 15 million phishing messages in 2021 with malware payloads that have been directly linked to later-stage ransomware. And the average total cost of recovery from a ransomware attack reached $1.85 million in 2021, according to Sophos. 

Why do employees still fall for the same old tricks? KnowBe4 CEO Stu Sjouwerman called them the seven deadly social engineering vices in 2016, and most employees still share them today: Curiosity, courtesy, gullibility, greed, thoughtlessness, shyness and apathy.

5 old social engineering tricks

Security awareness experts say employees still fall for these five old social engineering tricks, and they warn of four new scams that add a twist to these oldies but goodies.

Copyright © 2022 IDG Communications, Inc.

Original Source link

Leave a Reply

Your email address will not be published.

sixty one + = 67