Social Engineering Forums  
Register FAQ Donator Members Calendar Search Today's Posts Mark Forums Read
Go Back   Social Engineering Forums > Marketplace > Marketplace Discussion
Reload this Page 17% of Workers Fall for Social Engineering Attacks

Reply
 
Thread Tools Display Modes
17% of Workers Fall for Social Engineering Attacks
Old
  (#1)
VirginiaJenkins is Offline
Noob
 
Posts: 5
Join Date: Jan 2018
Reputation: 0
   
Default 17% of Workers Fall for Social Engineering Attacks - 04-13-2018, 01:09 PM

In tests that imitated the actions of hackers by sending emails to employees with links to websites, password entry forms and attachments, 17% of the messages would have led to a compromise of the employee's workstation and, ultimately, the entire corporate infrastructure if they had been real.
In total, 3,332 messages were sent by cybersecurity firm Positive Technologies. The most effective method of social engineering turned out to be phishing emails: More than a quarter (27%) of recipients clicked the link, which led to a special website. Users often glance over or ignore the address, leaving them unaware that they are visiting a fake website.
“To make the emails more effective, attackers may combine different methods: A single message may contain a malicious file and a link, which leads to a website containing multiple exploits and a password entry form,” said Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies. “Malicious attachments can be blocked by properly configured antivirus protection; however, there is no surefire way to prevent users from being tricked into divulging their password.”
Employees often open unknown files, click suspicious links and even correspond with attackers. In 88% of cases of such correspondence, these overly trusting employees worked outside of IT (such as accountants, lawyers and managers). One quarter of these employees were team supervisors. However, 3% of security professionals fell for the bait as well.
Furthermore, occasionally users complained that the malicious files or links would not open – in some cases trying to open the files or enter their password on the site as many as 30 to 40 times. When employees were unable to open a file right away, often they forwarded it to the IT department for assistance. This increases the risks further still, since IT staff are likely to trust their colleagues and run the "broken" file. On occasion, the recipients responded that they were not the intended recipient and instead offered the name of another person at the company.

For More You Can Check:
2D Promotional Video
  
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump