May 17, 2018

Businesses: Watch out for Phishing, SMShing and Vishing

Proper education is the key to educating people on hacking.

By Umar Hassan

Companies face an increasing risk of social engineering-based threats to their security and data, Christopher Hadnagy, “Chief Human Hacker” of social-engineer.com, emphasised in his keynote speech on day two of UC Expo 2018, warning that social engineering is often cheaper and more effective for criminals than technical hacks.

Hadnagy founded Social-Engineer.com in 2004 in Brooklyn, Pennsylvania. It is the “world’s first social engineering penetration network”. The author and security expert is also founder of the cult “Social Engineering Capture the Flag” competition at popular hacker conference DEF CON.

The definition of social engineering, as he explained, is quite broad as it involves “any act that influences a person to take an action that may or may not be in their best interests”. But it is increasingly prevalent and companies need to take a “when not if” attitude to its likelihood, he emphasised.

With recent research from the Ponemon Institute showing that the average cost of an insider-related incident (whether intentional, negligent, coerced or persuaded through such social engineering) over a 12-month period is $8.76 million (£6.4 million), and it takes more than two months, on average, to contain an insider incident, the topic is firmly on the radar of many businesses.

“Don’t call back!”

The Social Engineering Spectrum

Phishing, SMShing (a form of fraud that uses mobile phone text messages to lure victims into calling back a fraudulent phone number or downloading malicious content) and vishing, the practice of using the phone to fraudulently gain access to personal information, are a few examples of social engineering.

Christopher highlighted that there were over 200,000 new malware samples every day with a further 4,000 ransomware attacks captured per day last year.

He also mentioned that 91% of corporate phishing attacks involved name spoofing, with a 500 percent increase in social media phishing in Q4 2017.

He also talked about how there have been over 60 major SMShing stories in 2017, with 14 percent replying to texts whereas 26 percent call the number sent via text and a further – shockingly high – 60 percent of victims click the website link sent via a text message or SMS.

When it comes to vishing, Hadnagy noted that millennials were mostly unaffected by this form of social engineering. A striking 60 percent of the 45-65 age demographic are prone to vishing attacks despite there being at least 45,000 reported attacks in 2018 and over $16 billion (approx. £11.8 billion) lost through phone scams in the US.

His concluding message at the keynote was that for individuals and companies to be properly educated around social engineering, phishing, SMShing and vishing, they need to change from an “if to when” mentality.

See also: Here Be Fraudsters: A Panorama of Digital Dangers in the UK
