Social engineering targets our emotional responses, not our intelligence. If an attacker personalizes their approach and makes it emotionally significant, anyone can be manipulated into revealing sensitive data, bypassing security, making bank transfers, or installing malware. Cybercriminals often impersonate IT support, employees of well-known companies, or even acquaintances, using various social engineering tactics, like phishing, vishing, and more.
Current trends in social engineering are alarming. According to the IBM Threat Intelligence Report 2024, cybercriminals have shifted from hacking into systems to logging in with valid credentials. In 2023, phishing and attacks involving stolen or compromised credentials were the two most common social engineering tactics, accounting for 91% of all attacks.
Being aware of social engineering tactics is critical for protecting your business. No one is immune to social engineering attacks, but the good news is that they can be stopped or minimized. This blog post will discuss three real-life social engineering attacks and the measures that could have prevented them.
3 real-life scenarios of social engineering attacks
Social engineering attacks are a significant threat to organizations. The primary goals of these attacks are to access sensitive data (85%) and achieve financial gain (15%). Phishing attacks remain the most common reason behind breaches, and they evolve constantly.
That’s why understanding how social engineering attacks work can help your business recognize and prevent these threats. Here are three examples that highlight the diverse tactics used by cybercriminals.
Scenario #1
The company affected: MGM Resorts
The social engineering tactics: a hybrid attack involving a vishing call and a malware download
MGM Resorts is one of the largest casino operators in the world. Cybercriminals made fraudulent phone calls (vishing) to the company's employees to phish for login credentials. Once the employees shared this sensitive information, bad actors obtained valid credentials, accessed the network, and installed malware.
Scenario #2
The company affected: Cisco
The social engineering tactics: a multi-factor authentication (MFA) fatigue attack
A Cisco employee's personal Google account was compromised, revealing highly sensitive information: VPN credentials. Then, bad actors used voice phishing and MFA fatigue to bypass security. New devices were enrolled for MFA, and VPN access was achieved. The attackers gained administrative rights and accessed multiple systems, installing remote access.
Scenario #3
The companies affected: Google and Facebook
The social engineering tactics: email phishing attack
This was one of the most significant social engineering attacks ever. A Lithuanian national targeted Google and Facebook by setting up a fake company posing as a legitimate computer manufacturer. He created corresponding bank accounts and sent phishing emails to specific employees, invoicing them for actual goods and services but directing payments to fraudulent accounts. In two years, this scam netted over $100 million.
12 ways to prevent social engineering attacks
As we have already discussed, understanding social engineering is essential, but being prepared is even more critical. We have compiled a list of tips to help spot red flags indicating that your business is under attack and how to stop it.
1. Use a robust MFA solution
MFA is a powerful tool in the fight against various types of social engineering threats. It adds extra layers of security to help prevent unauthorized access. MFA requires users to provide two or more verification factors, making it much harder for attackers to gain access. If an employee, for example, clicks on a phishing link and enters their credentials, MFA can prevent a breach.
Similarly, even if attackers manage to steal passwords through phishing, they still need the additional MFA factor, such as a one-time code sent to the user's phone, an authentication app, or a fingerprint scan, which they are unlikely to have.
2. Implement web filtering to block phishing links
ThreatBlock, one of the advanced features of NordLayer’s DNS filtering, keeps users from accessing malicious websites. It blocks known phishing sites by preventing access to their domains at the DNS level. You can also use URL filtering tools to scan and block harmful links. These tools check URLs for suspicious patterns and block access to illegal or harmful websites.
3. Segment your network
Network segmentation blocks attackers' lateral movement, enhances detection capabilities, and minimizes the overall impact of social engineering attacks. By isolating different network parts, segmentation ensures that even if attackers gain access, their movement is restricted to a single segment.
In the event of a breach, network segmentation helps contain the damage by isolating and securing the compromised segment without affecting the entire network. For example, in the case of the MGM Resorts attack, their network wasn’t segmented. If it had been, the impact could have been smaller.
4. Introduce ZTNA-based device posture policies
Device posture policies based on Zero Trust Network Access (ZTNA) continuously verify users' and devices' identity and security posture. ZTNA ensures the least privilege access, meaning users and devices get only the minimum permissions necessary.
This rule limits potential damage from any breach. It also involves rigorous device posture assessments, denying access to non-compliant devices. ZTNA's real-time monitoring detects and responds to unusual activities swiftly, while its segmentation capabilities restrict attackers' movement within the network.
5. Use Privileged Account Management (PAM)
Social engineering attacks commonly take advantage of human flaws to access sensitive data and networks. By effectively managing privileged accounts, you can restrict access to your resources. This minimizes the chances of an attacker exploiting a compromised account to gain elevated privileges.
PAM also allows for comprehensive monitoring and auditing of all activities involving privileged accounts. It helps detect suspicious behavior quickly, such as unusual access patterns or unauthorized changes, enabling a swift response to potential breaches.
6. Check and update your security patches
Attackers often seek vulnerabilities in your applications, software, or systems to gain unauthorized access to personal data. To prevent this, regularly update your security patches and ensure your web browsers and systems run the latest versions.
Software companies release security patches to address discovered security flaws. Keeping your systems updated with these patches reduces the risk of social engineering attacks and creates a more cyber-resilient environment.
7. Build a human firewall
Threat actors often combine three elements, sometimes called the dark triad of cybercrime: time pressure, emotion, and an exception. Another common social engineering tactic is trying to establish trust with the recipient. That’s why educating your team about social engineering threats is essential.
One defensive measure against social engineering attacks is to create a human firewall. Each employee should understand that cybersecurity is a personal responsibility, not just the job of the IT department. Chris Hadnagy, the founder and CEO of Social Engineer LLC, points out that if someone tries to manipulate or coerce you into providing money or sensitive information, you are likely being targeted by a social engineering attack.
8. Identify which of your business assets might attract cybercriminals
Many companies focus on protecting their assets from a business perspective. However, threat actors target what is valuable to them, not necessarily what you consider important.
To better protect your organization, think like an attacker and identify the assets that might attract them. Look beyond your products, services, or intellectual property. An independent assessment is the best way to determine which of your assets will most likely be targeted by cybercriminals.
9. Educate your employees about privacy online
A key to any successful social engineering attack is good research. Attackers will search the internet for any information about their victim. This information helps them run the attack. For instance, they may look at your employees’ social media for personal details to create a convincing story to manipulate them.
That’s why it’s better to be careful about what your team shares online and who can see their profiles. Strong privacy settings on all social media accounts are very useful here.
10. Do a reality check
If you or your employee receives a strange request or is urged to do something unusual, always pause and ask yourself: is this question or scenario realistic? Attackers usually rely on their victims acting impulsively. So, allow your voice of reason to guide you. And thwart their social engineering attack.
Here are a few examples of what questions could be asked:
Would a celebrity truly ask your business for financial support?
How realistic is it that your CEO or manager would request payment via gift cards?
Would your friend or family member ask for money through an email?
Remember to take the time to assess any unusual request. Cybercriminals use various types of social engineering tactics, such as phishing, pretexting, or baiting, so staying vigilant is key to protecting your organization.
11. Check the source
When you receive an email or a message, always verify the source to ensure that the person you are communicating with is who they claim to be. If an email seems suspicious or unusual, double-check the sender's email address against valid emails you've received from them.
If someone calls claiming to be an employee from an organization and requests sensitive information, do not simply accept their credentials. Instead, look up the company's official number and call to confirm whether the request is legitimate.
12. Encourage reporting of social engineering attempts
One precaution to avoid social engineering attacks is reporting them. Encourage employees to inform about suspected activities without fear of trouble or embarrassment. If they feel comfortable reporting, you can catch threats early. Make it clear that reporting helps prevent attacks and keeps everyone safe.
Protect your business from social engineering attacks with NordLayer
NordLayer offers strong defensive measures against social engineering attacks. One is our robust multi-authentication (MFA), which makes unauthorized access much harder, even if passwords are compromised.
Our solutions, like DNS filtering and ThreatBlock, help prevent social engineering attacks by blocking access to known phishing sites and harmful links. Segmenting your network restricts attackers' movement and contains damage in case of a breach.
With device posture policies based on Zero Trust Network Access (ZTNA), you can continuously verify identities and limit access to necessary permissions only. Privileged Account Management (PAM) helps manage and monitor privileged accounts, reducing the risk of attackers exploiting them for unauthorized access. To find out more, contact the NordLayer team today.
