Cyber Security Solutions, Compliance, and Consulting Services - IT Security

We offer It security management, data, network, & Information security services for protecting information & mitigating security risks to your organization.

Five social engineering tricks and tactics employees still fall for

Despite training employees about phishing attacks and scams, the reasons for data breaches are human error. According to a study, more than 30% of the phishing messages are opened by their target, 15 % of the employees still open the attachments which enable the attack to succeed. The same employees still keep of falling, which has been trained and warned for years.

Employees are blamed for data breaches, but they can avoid the scams by shedding their bad habit. Given below are five social engineering scams which employee’s stills fall for.

‘It looks official.’

Employees get confused when they receive emails which appear to be from an authorized person and contain invoice attachments and subject lines. Some employees may not look closely to the emails and clicks on links and open attachments, which further leads to data breaches and the system gets hacked.

Firms should use a secure file transfer system to the exchange files with subcontractors and partners. By using a secure data transfer system, they will be able to know where the file comes from, and it has been examined.

‘You missed a voicemail!’

Hackers have been using voicemail as a scam since 2014. They tried to install malicious software through emails designed to look like internal voicemail. It is Cisco kind of voicemail. The employees usually get a missed call, and when they open the attachment, the system gets infected.

Free stuff

One of the common social engineering tricks, the employees fell for is they can’t resist free stuff. They will open any attachments; links to get free tickets, software download etc. which leads them to cyber attacks.

Employees should know about this stuff and never try to get anything free. The attackers send such links through websites which leads the system to be infected or compromised.

Fake LinkedIn invitations

One of the standard types of a scam which are used to target a victim is sending invitations and in emails from fake accounts which seems to be legitimate. The attackers create a fake LinkedIn account and pose as a member of the team or even the executives. After accepting their invitation, they will start communicating with you and important information may be shared, which is further used to gather sensitive data about the firm.

Social media surfing at work

The social media users open the door for cyber-criminals. Most of the employees are still not fully aware of the Social media’s cyber risk. Using an organizations device for social media leaves the firm vulnerable to cyber thieves. So employees need to be trained on how to use social media like Facebook, twitter etc.