Social Engineering | Perfecting The Art Of Hacking Humans

With the alarmingly rapid advancement of our digital world, interconnectivity among individuals, corporations, and organisations is also increasing significantly. This growing network enables effortless communication, collaboration, and information sharing. Nevertheless, heightened connectivity comes with increased inherent risks. As the digital landscape becomes more interconnected, people have greater accessibility to systems and data, which escalates the risk of potential cyber breaches.

As of 2023, social engineering continues to pose a substantial threat to our digital ecosystem. Cybercriminals continuously adapt and enhance their social engineering techniques to align with the ever-changing social media trends and platforms. Numerous forms of these techniques are widespread, encompassing popular tactics such as phishing, business email compromise (BEC), impersonation attacks and dumpster diving.

Of all, in today’s digital landscape, phishing remains a prominent tactic employed by cybercriminals. 

The highest rate of mobile phishing in history was observed in 2022, with half of the mobile phone owners worldwide exposed to a phishing attack every quarter.

Notably, non-email-based phishing attacks, including voice phishing, SMS phishing and QR code phishing, saw a significant increase of sevenfold in early 2022. Within Singapore, in 2021, Oversea-Chinese Banking Corporation (OCBC) customers fell victim to a series of phishing attacks resulting in around 470 customers suffering losses of approximately $8.5 million due to malicious transactions. The steady rise in phishing incidents and the growing sophistication of various phishing techniques emphasises the urgent need for increased vigilance and cybersecurity measures to safeguard organisations against these threats. 

The widespread use of social media by billions of people globally has opened up boundless opportunities for social engineering. Attackers can now leverage the wealth of personal information to create highly personalised phishing messages that appear legitimate to individuals. Moreover, the advancements in Artificial Intelligence (AI) technology have enabled cybercriminals to overcome basic flaws in phishing messages, such as poor spelling and grammar. The AI-powered chatbots can also correct these errors, making phishing emails less likely to trigger spam filters or raise suspicion among recipients. 

Here, we have a stark example of how the ChatGPT tool can be utilised to craft a malicious phishing email: 

By incorporating advanced technology with social engineering techniques, cybercriminals now wield a formidable arsenal. This enables them to create emails and messages that appear remarkably genuine, enticing even the most cautious recipients to take action. 

Conclusion

Navigating through today’s digital landscape, it becomes imperative for us to approach with caution and keep ourselves updated with the ever-evolving social engineering tactics and trends employed by attackers. Equipping ourselves with a good understanding of social engineering processes and recognising common red flags – urgent requests, suspicious email addresses and links – can protect us from falling victim to such sneaky attacks. Moreover, we should always adopt a sceptical mindset (“think before you click”) and directly verify any requests made with a trusted source or the organisation.

Remaining informed and cautious is paramount, and it’s crucial to remember that knowledge is power. With the right mindset and awareness, we can outsmart these cybercriminals and protect ourselves from the lurking dangers in the digital world. 

Author:

Bertha Han, Offensive Security Consultant

Bertha is well experienced in offensive security. She has worked with numerous high-stake clients. ranging from a well-established E-commerce client to government agencies to assess security controls in place through penetration testing and security reviews, enabling them in identifying and correcting key gaps in security requirements.

Related Posts:

Secure your business with us

Book a consultation with us now to see how you can better your security posture. We strive to understand your business objectives and challenges to ensure that we uplift your organisation at minimal disruptions to your day-to-day activities.

Simply drop us an email at [email protected] or call us at +65 6610 9597 (SG) / 1800 996 001 (AU) for more details
Scroll to Top