What is the Weakest Link in Your Fight Against Fraud?


The more things change, the more they stay the same. This age-old adage can certainly be applied to the realm of IT security where hackers continuously evolve their techniques to compromise their targets. Regardless of how mature an organization’s security posture might be, one thing remains the same: end-users – be they your employees or your customers – remain the weakest link. Hackers have relied heavily on a variety of ‘social engineering’ tactics for the past decade as a means of attaining secured credentials to perpetrate fraud.

These tactics include broad ‘phishing’ campaigns, in which a fraudulent message carrying some type of malware payload is broadcast to a mass group, and, more recently, spear phishing, in which hackers with partial knowledge of their victim target individuals with the goal of building a more complete profile that can be used to steal their identity or gain access to a secured corporate network. Hackers are continuously refining their techniques and introducing new schemes to collect and abuse private information. For example, a large number of Facebook users have reported that they have recently been inundated with ‘friend’ requests from strangers. Many security experts believe this is yet another social engineering attempt to obtain and exploit personal information.

Social engineering will continue to be an effective tactic as it leverages our intrinsic trusting nature, as well as our desire to cooperate in seemingly predictable situations (e.g., providing financial or personal details to an assumed bank representative or coworker). Consequently, hackers have become particularly adept at exploiting a range of emotions to gain the confidence of their marks, with the goal of triggering an action that puts both their own security and the security of a business at risk.

Social Engineering on the Rise

Recently, the Fraud Intelligence team at Easy Solutions uncovered a new fraud scheme, in which a fake job advertisement on behalf of a familiar government agency was posted via a social network profile. Using this, criminals were able to collect sensitive user data that they later used to launch fraud attacks (they even requested fees to secure possible interviews and access to work opportunities).

At the same time, Easy Solutions’ email authentication solution, DMARC Compass, detected a wave of fraudulent emails and identified abused government domains that were used to lure users with tempting subjects like “Attention, check returned”, “Information for contest winner”, and “Suspended tax ID”, to name but a few.

Social engineering tactics typically succeed by convincing users to click on malicious links or unwittingly download malware through a disguised executable file.

For this reason, it is truly vital for institutions to improve their visibility into new threats to better protect their brand. Also, it is crucial for them to implement response mechanisms in case of an attack (which will happen sooner or later), and develop educational programs aimed at increasing threat awareness among users – including employees.

 
