Social engineering is the strongest method of attack against the enterprise’s weakest vulnerability, its people. Criminal hackers recognize this fact. In 2015, social engineering became the No. 1 method of attack, according to Proofpoint’s 2016 Human Factor Report.
These successful social engineering methods often use phishing and malware. But deceptive information assailants have more tools and approaches to draw on than these.
That’s why we covered six of the most effective social engineering techniques that attackers use both on and off the internet, providing insights into how each one works, what it accomplishes, and the technologies, methods, and policies for detecting and responding to social saboteurs and keeping them at bay.
Technique one: Enabling macros. Cybercrooks are using social engineering to trick organizational users into enabling macros so that macro malware will work. In attacks on Ukrainian critical infrastructure, bogus dialogue boxes appearing in Microsoft Office documents told users to enable macros to properly display content created in a more recent version of the Microsoft product.