Does it seem like you’re receiving more really targeted scam telephone calls and emails lately? If so, it’s not your imagination and you’re not alone. As we lead more and more connected lives, posting more and more data to social media sites, organizations that we do business with and having our information traded by and between those organizations online, it’s getting easier and easier for threat actors to gather information on us that they can then use in social engineering attacks against us. This month’s Ouch newsletter from SANS talks about this specific issue and offers some excellent insight into how it works and what you should do to protect yourself.
The very first line under “What Should I Do?” is “Recognize that emails or phone calls like these are a scam.”. As attackers continue to evolve, it’s important to incorporate those new methodologies and techniques into your employee onboarding and ongoing security awareness training so that your people have the tools that they need to make those decisions (is this a scam or not). If you aren’t incorporating security awareness into your onboarding and ongoing training for your employees, we’d love an opportunity to talk with you about ways that we can help.