With the alarmingly rapid advancement of our digital world, interconnectivity among individuals, corporations, and organisations is also increasing significantly. This growing network enables effortless communication, collaboration, and information sharing. Nevertheless, heightened connectivity comes with increased inherent risks. As the digital landscape becomes more interconnected, people have greater accessibility to systems and data, which escalates the risk of potential cyber breaches.
As of 2023, social engineering continues to pose a substantial threat to our digital ecosystem. Cybercriminals continuously adapt and enhance their social engineering techniques to align with the ever-changing social media trends and platforms. Numerous forms of these techniques are widespread, encompassing popular tactics such as phishing, business email compromise (BEC), impersonation attacks and dumpster diving.
Of all, in today’s digital landscape, phishing remains a prominent tactic employed by cybercriminals.
The highest rate of mobile phishing in history was observed in 2022, with half of the mobile phone owners worldwide exposed to a phishing attack every quarter.
The widespread use of social media by billions of people globally has opened up boundless opportunities for social engineering. Attackers can now leverage the wealth of personal information to create highly personalised phishing messages that appear legitimate to individuals. Moreover, the advancements in Artificial Intelligence (AI) technology have enabled cybercriminals to overcome basic flaws in phishing messages, such as poor spelling and grammar. The AI-powered chatbots can also correct these errors, making phishing emails less likely to trigger spam filters or raise suspicion among recipients.
Here, we have a stark example of how the ChatGPT tool can be utilised to craft a malicious phishing email:
By incorporating advanced technology with social engineering techniques, cybercriminals now wield a formidable arsenal. This enables them to create emails and messages that appear remarkably genuine, enticing even the most cautious recipients to take action.
Conclusion
Navigating through today’s digital landscape, it becomes imperative for us to approach with caution and keep ourselves updated with the ever-evolving social engineering tactics and trends employed by attackers. Equipping ourselves with a good understanding of social engineering processes and recognising common red flags – urgent requests, suspicious email addresses and links – can protect us from falling victim to such sneaky attacks. Moreover, we should always adopt a sceptical mindset (“think before you click”) and directly verify any requests made with a trusted source or the organisation.
Remaining informed and cautious is paramount, and it’s crucial to remember that knowledge is power. With the right mindset and awareness, we can outsmart these cybercriminals and protect ourselves from the lurking dangers in the digital world.
Author:
Bertha Han, Offensive Security Consultant
Bertha is well experienced in offensive security. She has worked with numerous high-stake clients. ranging from a well-established E-commerce client to government agencies to assess security controls in place through penetration testing and security reviews, enabling them in identifying and correcting key gaps in security requirements.
