In the News

5 social engineering assumptions that are wrong

Jun 24, 2022 CSO

Cybercriminals continue to launch creative social engineering attacks to trick users. Meanwhile, social engineering misconceptions are exacerbating the risks of falling victim.

Social engineering is involved in the vast majority of cyberattacks, but a new report from Proofpoint has revealed five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks.

Commenting on the report’s findings, Sherrod DeGrippo, Proofpoint’s vice president threat research and detection, stated that the vendor has attempted to debunk faulty assumptions made by organizations and security teams so they can better protect employees against cybercrime. “Despite defenders’ best efforts, cybercriminals continue to defraud, extort and ransom companies for billions of dollars annually. Security-focused decision makers have prioritized bolstering defenses around physical and cloud-based infrastructure, which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviors and interests.”

Indeed, cybercriminals will go to creative and occasionally unusual lengths to carry out social engineering campaigns, making it more difficult for users to avoid falling victim to them.

Here are five social engineering misconceptions exacerbating attacks, as presented by Proofpoint