One of the leading misconceptions surrounding social engineering and phishing is that the source of the problem is centered on users clicking on bad links. Make no mistake, a large percentage of social engineering attacks do invite users to click on bad links and this action can definitely have consequences, yet many of the highest profile social engineering attacks have absolutely nothing to do with links and nothing to do with clicking.
Some of the most damaging social engineering attacks often consist of nothing more than the patient accumulation of information which is then leveraged through many different mediums to inflict financial harm or damage a brand’s hard-earned reputation. One could successfully argue that the most difficult attack defend is the stealth-based approach in which conversation and information gathering occur very subtly outside the scope of advanced detection tools and beneath the radar of even the best-constructed defenses. See our recent blog post here on examples of this type of rapport-based attack.'Social engineering is not clicking, it’s not phishing, it’s not even spear-phishing; it’s the exchange of information that is backed by malicious intent by one or more of the individuals involved.'Click To Tweet
Every company now faces a challenging paradigm, which is the balance between effectively promoting their products, brands, and people while still successfully defending against how that very same information can be used against them. Barracuda Sentinel is engineered with multiple layers of technology in order to protect you from these threats. Still, it's important for your users to understand that social engineering is not clicking, it’s not phishing, it’s not even spear-phishing; it’s the exchange of information between individuals and an unauthorized source that is backed by malicious intent by one or more of the individuals involved.
To reduce risk as it relates to social engineering requires awareness and technologies that are designed to detect these attacks. Barracuda Phishline shows your employees the latest attack techniques, which helps them recognize the subtle clues and help stop email fraud, data loss, and brand damage. Barracuda Sentinel protects companies from spear phishing and cyberfraud by stopping impersonation, domain spoofing, and hijacking.
Your Office 365 Email is Vulnerable to Thousands of Cyber Threats, and the biggest threats may already be in your Inbox! Get a free Email Threat Scan here.
For more information on how to protect your company from spear phishing and cyberfraud, visit www.barracuda.com. We offer free trials on all of our email security solutions.
Dennis Dillman is the VP of Product Management for PhishLine at Barracuda Networks. In this role, he has been responsible for rollout of an entirely new training program for the PhishLine platform, and he has worked with Fortune 100 customers to design and improve their security awareness programs.