The world is a better place with less social engineering scams

Here is a good news story:

A two month operation – called First Light 2022 – between law enforcement agencies of 76 nations has led to the seizure of millions of pounds of assets and the arrest of thousands. The organised gangs targeted were behind hundreds of telecommunications and social engineering scams.

Police in participating countries raided national call centres suspected of telecommunications or scamming fraud, particularly telephone deception, romance scams, e-mail deception, and connected financial crime.
Interpol

Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams

The numbers in the report are quite staggering and illustrates why social engineering against businesses, where the trust of your people is exploited, is a problem that every business must address. Whether the attack comes by a phishing email or phone call, whether it is an email that looks like it came form the CEO or your best customer, here are two excellent ways to start to combat the threat:

Have procedures in place that keep a check on your business operations – for instance when key personnel are on holiday (and the threat actors know when these people go on holiday as they monitor the social media accounts of partners and children) – disable their access to key systems and drop them out of such routines as paying bills.
Training and role playing – if people know, for instance, how to recognise a phishing email, understand the company routine, carried out by text messages, that defeats business email compromise (BEC) attacks, have a procedure to follow if they click on a link and do not work in a “blame culture”, then the threat actors will not have it all their own way.

Because although 76 police forces have worked together and broken up these gangs, social engineering and phishing emails and calls can net a lot of money from the unwary and the ill prepared, so new criminals will emerge to fill these lucrative gaps.

Here is a current example of a “too good to be true” phishing scam doing the rounds at the moment

So you think about your regular communications, email, phones and maybe text messages but what about expanding that. Think carefully about your particular operations, you need to know what your “normal model” looks like so you can take steps to defend it. This attack comes via WhatsApp and is aimed at Father’s Day:

Heineken says there’s no free beer, warns of phishing scam • The Register

Clive Catton MSc (Cyber Security) – by-line and other articles

Do you want to know more?

Social Engineering and Email Cyber Security Training

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.