View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Leadership
  2. Workforce
May 17, 2018

Businesses: Watch out for Phishing, SMShing and Vishing

Proper education is the key to educating people on hacking.

By Umar Hassan

Companies face an increasing risk of social engineering-based threats to their security and data, Christoper Hadnagy, “Chief Human Hacker” of social-engineer.com, emphasised in his keynote speech on day two of UC Expo 2018, warning that it is often cheaper and more effective than technical hacks for criminals.

Hadnagy founded Social-Engineer.com in 2004 in Brooklyn, Pennsylvania. It is the “world’s first social engineering penetration network”. The author and security expert is also founder of the cult “Social Engineering Capture the Flag” competition at popular hacker conference DEF CON.

The definition of social engineering, as he explained, is quite broad as it involves “any act that influences a person to take an action that may or may be in their best interests”.  ut it is increasingly prevalent and companies need to take a “when not if” attitude to its likelihood, he emphasised.

With recent research from the Ponemon Institute showing that the average cost of an insider-related incident (whether intentional, negligent, coerced or persuaded through such social engineering) over a 12-month period is $8.76 million (£6.4 million), and it takes more than two months, on average, to contain an insider incident, the topic is firmly on the radar of many businesses.

“Don’t call back!”

The Social Engineering Spectrum

Phishing, SMShing (form of fraud that uses mobile phone text messages to lure victims into calling back a fraudulent phone number or downloading malicious content) and  and vishing, the practice of using the phone to fraudulently gain access to personal information, are a few examples of social engineering.

Christopher highlighted that there were over 200,000 new malware samples every day with a further 4,000 ransomware attacks captured per day last year.

He also mentioned 91% of corp phishing attacks involved name spoofing with a 500 percent increase in social media phishing in Q4 2017.

Content from our partners
Why the tech sector must embrace faster, smarter talent recruitment
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system

He also talked about how there have been over 60 major SMShing stories in 2017, with 14 percent replying to texts whereas 26 percent call the number sent via text and a further – shockingly high – 60 percent of victims click the website link sent via a text message or SMS.

When it comes to vishing, Hadnagy noted that millennials were mostly unaffected by this form of social engineering. A striking 60 percent of the 45-65 age demographic are prone to vishing attacks despite there being at least 45,000 reported attacks in 2018 and over $16 billion (approx. £11.8 billion) lost through phone scams in the US.

His concluding message at the keynote that for individuals and companies to be properly educated around social engineering, phishing, SmShing and vishing, they need to change from an “if to when” mentality.

See also: Here Be Fraudsters: A Panorama of Digital Dangers in the UK

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU