Security News

IT security teams need to educate employees about the psychological techniques cybercriminals often use in social engineering attacks. This type of automated response is not lost upon cybercriminals, nor on Chris Poulin, who was a strategist at IBM's X-Force, when he wrote his IBM Security Intelligence commentary 6 Psychological Elements Behind Sophisticated Cyber Attacks, which looks at how cybercriminals leverage human traits to improve their odds of a successful attack.

Social engineering is allowing cybercriminals the way in. It's time to shift some of the focus from technology to psychology, as even the most sophisticated cybersecurity system has not prevented people from falling victim to social engineering.

A report released Thursday by business VPN provider NordVPN Teams examines three different types of social engineering attacks and offers advice on how to combat them. Social engineering attacks jumped during the first half of 2020, according to NordVPN Teams.

The phishing attack on Twitter employees serves as an opportunity for all businesses to reassess how they build and deploy application

People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.

Twitter has said that around 130 accounts were targeted by miscreants this week as high-profile individuals and businesses had their accounts hijacked to promote a Bitcoin scam. The estimate comes days after the social media biz admitted the blitz - which snared the accounts of Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber and former President Barack Obama - was the result of "Coordinated social engineering".

SEE: Social engineering: A cheat sheet for business professionals. Security consulting firm Social Engineer, Inc., defines social engineering in incredibly basic and broad terms: "Any act that influences a person to take an action that may or may not be in their best interest."

Twenty years have passed since cybercrooks demonstrated the role exploiting human psychology could play in spreading malware. While not the first worm to cause a headache for computer users, it was the first to truly demonstrate the potential role of social engineering online.

Today we're going to dive into how COVID-19 is driving an increase in account takeover as well as providing some suggestions on how to combat. Before we get too into the weeds, let's just quickly level set on a definition of account takeover or ATO. Account takeover is when a legitimate customer's account is accessed through illicit means for the purpose of committing fraud.

Beyond compromised credentials, attackers leverage personally identifiable information gathered on specific targets to launch social engineering attacks or reset the victim's account password to take over the account. Social engineers armed with data can easily source the answers to knowledge-based questions, which are the primary form of user authentication during a password reset, to take over the account.