October 28 2020
BSI raises awareness of the top seven social engineering techniques used by attackers
Cyberattacks have risen dramatically during the COVID-19 pandemic. At one point during the height of the crisis, the FBI’s Cyber Division reported that complaints about cyberattacks had risen by 400% to as many as 4,000 per day. This mirrors an anecdotal poll¹ BSI recently held, in which phishing was cited as the most frequent organization hack by 59 percent of respondents, followed by malware at 44 percent, web hack at 21 percent, credit card hack at 18 percent and wireless compromise at 12 percent.
BSI’s cybersecurity and information resilience team continues to focus on educating organizations and individuals across industry sectors to raise awareness and mitigate the risks of social engineering techniques.
Social engineering techniques are becoming increasingly sophisticated and are used to trick individuals into divulging confidential information or taking an action that may not be in their, or their organization’s, best interest. Understanding and being aware of the social engineering techniques attackers use is vital for everyone. Here are the seven most common techniques currently being utilized:
Adam Hall, Senior Consultant Cyber, Risk and Advisory at BSI explains: “Social engineering has dramatically increased over the last few months and continues to rise day by day. We’ve focused on raising awareness and educating on how to identify various threats to help improve the security postures of employees across all industry sectors as well as the wider community.”
Always think before you click: if it sounds too good to be true, it probably is. Be aware of current phishing campaigns and of the tone of an email, and be particularly wary when it requests usernames and passwords or uses impersonal phrases. Always check that the sender’s address and the URL link match the company; roll the mouse over the link to see what the website is. If you have any doubt about the legitimacy of an email or of any of the technique scenarios highlighted above, do not give out any information or open the email. Contact the individual directly by phone (using the advertised company phone number) to check for authenticity, and report it to your IT department or relevant authority.
Additional details on social engineering techniques and advice on identifying suspicious emails can be found here.
The Consulting Services team at BSI provides an expansive range of solutions to help organizations address challenges in cybersecurity, information management and privacy, security awareness and compliance. For more information visit bsigroup.com/cyber-us.
ENDS