Know Your Enemy!

By Tomer Yair Zemel

Let's talk about Social Engineering.
Have you ever wondered how hackers work and how phishing links operate? Have you heard the term Social Engineering before? If not, don't worry: I have some insights that will keep you a step ahead. Hackers know what you want, and in order to remain one step ahead, you need to know what they want and exactly how they think.

Social Engineering

Social engineering is the term used for a wide range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques that are aimed at you and rely on these common attributes. These attacks target your data, your passwords, and your identity.

Here are the top 10 subject lines of email phishing campaigns that relate to the above techniques:

  • Password Check Required Immediately
  • Touch base on meeting next week
  • Vacation Policy Update
  • COVID-19 Remote Work Policy Update
  • Important: Dress Code Changes
  • Scheduled Server Maintenance -- No Internet Access
  • De-activation of [[email]] in process
  • Please review the leave law requirements
  • You have been added to a team in Microsoft Teams
  • Company Policy Notification: COVID-19 - Test & Trace Guidelines

According to the results of Terranova's 2020 Gone Phishing Tournament, almost 20% of all employees are likely to click on these email links and, of those, 67% will continue to enter private credentials on all sorts of phishing websites. Look at the samples below and be aware before clicking. Always check the source of any invite or message you receive:

  • Changes to your health benefits
  • Twitter: Security alert: new or unusual Twitter login
  • Amazon: Action Required | Your Amazon Prime Membership has been declined
  • Zoom: Scheduled Meeting Error
  • Google Pay: Payment sent
  • Stimulus Cancellation Request Approved
  • Microsoft 365: Action needed: update the address for your Xbox Game Pass for Console subscription
  • RingCentral is coming!
  • Workday: Reminder: Important Security Upgrade Required
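One way to automate the "check the source" habit for messages like the samples above, as an added example that is not part of the original article. The brand-to-domain map is an illustrative assumption and both sample messages are constructed:

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative map of brands named in the samples above to a domain
# each one sends from. A real deployment needs a maintained, fuller list.
BRAND_DOMAINS = {
    "twitter": {"twitter.com"}, "amazon": {"amazon.com"}, "zoom": {"zoom.us"},
    "google": {"google.com"}, "microsoft": {"microsoft.com"},
    "ringcentral": {"ringcentral.com"}, "workday": {"workday.com"},
}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_allowed(domain, allowed):
    """Exact domain or a true subdomain; 'twitter.com.evil.example' fails."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_source(raw_message):
    """List the reasons the claimed sender does not match the real one."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0]
    from_domain = domain_of(msg.get("From"))
    claimed = f"{display_name} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not is_allowed(from_domain, allowed):
            findings.append(f"claims {brand} but sent from {from_domain or 'unknown'}")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To {reply_domain} differs from From {from_domain}")
    return findings

# Constructed sample messages (not real mail); .example domains are reserved.
SAMPLE_PHISH = (
    'From: "Twitter" <security@twitter.com.login-alerts.example>\n'
    "Reply-To: support@mailbox.example\n"
    "Subject: Security alert: new or unusual Twitter login\n\n"
    "Confirm your account now.\n"
)
SAMPLE_OK = 'From: "Zoom" <no-reply@zoom.us>\nSubject: Meeting reminder\n\nSee you then.\n'

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_OK):
        print(check_source(sample) or "no mismatch found")
```

A clean result only means the visible sender matches the brand it names. The From header itself can be forged, so the SPF, DKIM and DMARC results recorded by your mail provider remain the stronger signal.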

Be aware that these methods are being improvised and innovated upon on a daily basis. Use our previous articles to understand how to defend yourself online and remain one step ahead. Our suggestion is to follow one golden rule: USE A VPN. While it's advisable not to click an unknown or suspicious link, if you are someone who ends up clicking, make sure you have activated a VPN on your device. I am biased toward Bodyguard :) and highly recommend that our readers try it out.

Stay safe and healthy out there,
Tomer Yair Zemel