It’s safe to assume that anybody with an email has probably received at least a handful of social engineering emails in their time – maybe they were sent straight to your spam folder, or maybe you just didn’t notice it and scrolled right past, but most people will be able to recall a few hilariously fake-looking scam emails that have slipped into their mailbox. However, social engineering emails are not a joke at all – especially when they could jeopardise your whole company.
How exactly do these cyber-criminals get their hands on email addresses so easily? Depending on whether your email is posted publicly anywhere or not, they may have to use some different techniques, but chances are they will still find a way.
Web crawling is a common method in which the attacker uses sophisticated tools to scan the web for the ‘@’ symbol in order to find and harvest email addresses – this will only affect people who have their email address posted publicly on a web page somewhere.
Even if you are extremely careful with keeping your personal information away from public web pages and ensuring you don’t allow businesses to sell your information on, you can – and likely will – still be targeting with social engineering emails. If your friend, for example, has been a victim of a social engineering attack themselves, and has your information stored in their mailbox, then this will be easy to access for any hacker. Also, cybercriminals often just guess emails! Although, this isn’t as simple as it sounds, often involving tools – similar to those used to crack passwords – to generate common user names and pair them with common domains.
So, no matter how careful and private you are, chances are a cyber-criminal will still get hold of your email address at some point.
The major reason why cyber-criminals bombard mailboxes with so many scam attempts is simply because they work. Even though these email attacks are so common now, people still fall for them all the time, with 78% of people claiming to be aware of the risks of unknown links in emails yet clicking on them anyway, and 60% of enterprises falling victim to social engineering attacks in 2016.
Still, there are some other factors that push criminals towards this type of attack and make it as successful and commonplace as it is. For example, stolen data on the Dark Web has dropped massively in value, meaning criminals must be more creative than simply stealing data and selling it on – this is one of the reasonings for Ransomware becoming such a threat, as a person’s data is usually more valuable to themselves than anyone else. On top of this, the widespread availability of low-cost phishing kits and ransomware tools is allowing wannabe hackers to push their way into the market too.
For more information about Social Engineering, take a look at some of our other blog posts.