Social Engineering Attacks to Watch for in 2021
There will be plenty of cyberthreats to watch for in 2021, just like any other year. However, this is not like any other year, so one threat stands out from the rest countless employees rely on remote work to get their jobs done: social engineering.
Countless experts have predicted an increase in social engineering attacks in 2021. This non-technical strategy doesn’t take an IT expert to execute – it relies on human interaction and deceiving people into breaching standard security practices without them even realizing the unintentional harm they’ve caused. Microsoft has reported that social engineering attacks have increased to 20,000 to 30,000 per day in the United States alone.
In the past, common social engineering cyberattacks would involve something as mundane as a convincing email or phone call to an inside target, giving a criminal key information to help them breach an organization’s cybersecurity perimeter.
Some tactics to watch for this year will be more advanced and increasingly enable attackers to gain access to this data. Social engineering still will include:
- Phishing – obtaining personal info, using shortened or misleading links that redirect users to suspicious websites that host phishing landing pages, or incorporate threats, fear and a sense of urgency to try to manipulate the user into responding quickly.
- Vishing – This attack accomplishes the same goal as phishing, but it is typically executed over the phone (“vishing” is a mashup of the words “phishing” and “voice”).
- Pretexting – These attacks rely on building a false sense of trust with the victim, such as acting like HR personnel or employees in the finance department.
- Baiting – This attack promises users an item or good from malicious attackers as an enticement to give personal information. For example, attackers may send an email promising free movie or music downloads if a user gives their login credentials.
- Quid pro quo – Much like baiting, quid pro quo attacks promise the user something. However, quid pro quo attacks are disguised as a service instead of a good.
The best way to combat social engineering attacks is to educate your employees on how to identify a scam before engaging with a malicious actor. It also helps to have a partner with decades of experience in cybersecurity in your corner. Contact 2W Tech today to get started with our Cybersecurity Compliance Program and let our IT consultants do the work for you.