First, let’s get a definition of social engineering:
Social engineering is the art of manipulating people into giving up confidential information. The types of information compromised can vary, but when organisations are targeted, the criminals are usually trying to trick you into giving them your credentials for secure systems you have access to, especially Microsoft 365 and Google Workspace.
A successful social engineering attack can have severe consequences. One of the best ways for you to combat this is to get your team some Cyber Security Awareness Training.
Here is an example of a real-world social engineering attack that cost MGM more than $100 million.
MGM sues FTC to halt probe into ransomware infection • The Register
Buried in this story of a corporate giant trying to avoid fines on top of the financial losses is this quote:
The criminal gang Scattered Spider claimed to be behind both the MGM digital break-in as well as a similar intrusion at Caesars Entertainment hotels and resorts. The miscreants, we’re told, bragged that all it took to break into MGM’s networks was a 10-minute call tricking some sap on the IT help desk.
Jessica Lyons – The Register
Social engineering in action. Your losses may not be that much if one of your team were deceived into giving away their M365 credentials, but you would still need to explain to clients, and possibly the ICO, why you did not think training was worth the money!
Clive Catton MSc (Cyber Security) – by-line and other articles