Threat actors have to find ways of breaking down our cyber security training – that is where social engineering comes in.
They want to find some way to get you to do what they want – this usually means exploiting your trust, but a bt of stress in there to move you along will ehlp their cause.
Here is an example of a phishing email with added stress – a countdown timer – taken apart by Xavier Mertens over on SANS Internet Storm:
Attackers Keep Phishing Victims Under Stress – SANS Internet Storm Centre
I wrote about phishing attacks earlier this week:
Can your team handle the flow of phishing attacks that can get past your technical defences?
As part of our training over on CyberAwake we discuss a variety of social engineering attacks, what to look out for and what to do about them. We also cover what to do if the bad actors get past you and you do open that file or click that link.
Clive Catton MSc (Cyber Security) – by-line and other articles