The Importance of Understanding Social Engineering Attacks

Key Takeaways:

  • Blurred Lines Between Humans and AI: In 2024, advancements in artificial intelligence and communication technologies make it difficult to discern between human interaction and automated communication, posing risks of malicious intent.
  • Social Engineering: A Major Threat: Social engineering emerges as the predominant method for attackers to access private information, often employing sophisticated tactics that exploit trust.
  • Financial Impact and Global Trends: Data breaches cost $4.5 million globally in 2023, with the United States being hit hardest. Phishing and stolen credentials remain prevalent, with a notable surge in phishing sites detected worldwide.
  • Understanding Social Engineering: Social engineering relies on manipulation and deception, leveraging trust to extract sensitive information directly from users.
  • Types of Valuable Information: Attackers target various types of valuable information, including personal identifiable information (PII), financial data, and open-source intelligence, constructing authoritative identities to gain trust.
  • Preventive Measures: Safeguarding against social engineering is critical for protecting both personal and company data. Vigilance, verification of legitimacy, caution with emotional appeals, staying informed about attack tactics, and training are essential strategies to mitigate risks.

In 2024, with the rise of artificial intelligence, machine learning and communication bots, it is almost impossible to know whether you’re talking to a human or to code. It gets more complicated still when you cannot tell whether that entity has your best interests at heart or a hidden – malicious – agenda.

Social engineering is the most common and successful method an attacker uses to gain access to your private information, and the attacks can be far more sophisticated than one might realise.

Knowing whom and what to trust can save you, your data, your company’s confidential information and your money.

Important Social Engineering Statistics in 2024

IBM’s 2023 Cost of a Data Breach report notes:

  • Globally, $4.5 million was lost due to data breaches through social engineering techniques.
  • The United States was hit hardest, with the highest data breach cost.
  • Phishing and stolen (or compromised) credentials were the two most common initial attack vectors.

According to Statista, the number of unique phishing sites detected worldwide reached a massive 1.35 million in 2023.

  • That’s an exponential increase over the last decade, with a surge of phishing sites in 2020.
  • Most phishing sites targeted financial institutions, looking to gain inside access.
  • The main channels phishing scams operate through are SMS (76%) and webmail and web-based software (18%).
  • A massive 98% of all scams are carried out through social engineering.

Figure: The number of phishing sites detected across the world. Source: Statista, published February 2024.

What is Social Engineering?

Social engineering is a technique used by scammers to gain access to a user’s credentials by eliciting the information directly from the user. This is usually done under false pretences, with the scammer posing as an authority or credible figure.

The official Computer Hacking Forensics Investigator defines it as “a means to commit fraud on another through a confidence trick or other means of disseminating false information.”

Social engineering relies on manipulating a person’s willingness to trust.

Social engineering is by no means a new tactic, but the introduction of emerging technology leaves more and more people vulnerable to falling prey to increasingly sophisticated attempts.

Types of Information – and why it’s relevant

There are two types of valuable information that a malicious entity might seek out:

Type 1 (valuable information):

  • Personal Identifiable Information (PII)
  • Parental Personal Identifiable Information (PPII)
  • Protected Health Information (PHI)
  • Free Application for Federal Student Aid (FAFSA)
  • Financial Information (FI)
  • Employment Information (EI)
  • Institutional Partnership Information (IPI)
  • Intellectual Property / Academic Research
  • 3rd Party Vendor Information
  • Payment Card Information (PCI)

Type 2 (open source intelligence):

  • Full Name (First, Last, Middle)
  • Job title & role
  • Monitor/review social media accounts
  • Monitor personal & institutional news feed
  • Explore old versions of websites
  • Public directory (phone & email)
  • Google map & satellite imagery
  • Public photos (Flickr, Google Images, etc.)

An attacker can use Type 2 information to construct an authoritative identity and engage with you in a manner you’ll trust, because it feels as if they are who they say they are or a person you know.

Tactics to Prevent Social Engineering

It’s paramount to safeguard yourself against social engineering, not only for your own private data but for your company’s information too. Once a scammer has your secure information, they can often use it to access other parts of your data.

One of the most important things to remember when engaging online is to be hesitant to trust. Artificial intelligence, machine learning, and bots can be used to craft communication that aligns exactly with the tone of a person you know or trust. Keep your private data offline as much as possible, and where possible:

Verify before Trusting 

Err on the side of scepticism rather than risk an attacker gaining access to your credentials. Before continuing any online engagement, first verify the legitimacy of any entity that contacts you, no matter the channel. Cross-check details thoroughly.

Be Cautious of Emotional and Urgent Requests

A sense of urgency coupled with an emotional appeal can derail a person’s rational decision-making. Resist acting on pressure tactics and take a patient, slow approach with anyone asking for information. Many attackers are looking for a quick score, whereas legitimate communications rarely demand urgent compliance.

Stay Informed and Up to Date about Attacks

Knowing what to look out for makes these attacks easier to spot and avoid. Awareness of the common tactics can also help others: if you see any suspicious activity, share it with your company, family, and friends.

Some companies use real-world scenarios from successful social engineering attacks to showcase the methods commonly used. If your company offers training of this kind, consider signing up to get to know the attacks. Knowledge is power, and knowing what to avoid can save you and your data down the line.

Becky Leighton is a chip off the old blockchain. She’s spent the last seven years reading about and writing in the world of crypto, Web3, and decentralised technology.

You’ll either find her running or keeping an eye on any and all developments in the tech space.
