How can companies keep up with social engineering attacks?

Every year, social engineering attacks are employing more advanced techniques. Technology continues its inexorable march forward, and its advancement in areas such as artificial intelligence (AI) and machine learning — deepfake technology, for example — will further exacerbate social engineering risks.

Social engineering can be defined as the psychological strategies scammers use to manipulate humans into clicking on compromised links or divulging sensitive information. Social engineering comes in many forms, including emails, phone calls and texting. These attacks exploit users’ fears, curiosity or helpfulness to trick individuals into sharing data such as login credentials, bank accounts or social security numbers. Commonly, they’ll redirect victims to websites harboring drive-by malware downloads and initiate phishing attacks.

Phishing schemes are often quite sophisticated. In the fall of 2020, guests at the Ritz Hotel in London were “vished” (voice call phishing) by scammers posing as Ritz staff. The scammers convinced guests to divulge credit card information. According to Bitwarden research, emails purporting to be from financial institutions (35%) or a government entity (22%) were the top phishing culprits of 2021.

With the increase in digital and remote work, phishing driven by social engineering has reached the point where staying safe remains a priority for both individuals and enterprises, as phished employees can compromise an organization’s network…