I got phished, but I never clicked?


One of the leading misconceptions surrounding social engineering and phishing is that the source of the problem is centered on users clicking on bad links. Make no mistake, a large percentage of social engineering attacks do invite users to click on bad links, and this action can definitely have consequences. Yet many of the highest-profile social engineering attacks have absolutely nothing to do with links and nothing to do with clicking.

Some of the most damaging social engineering attacks often consist of nothing more than the patient accumulation of information, which is then leveraged through many different mediums to inflict financial harm or damage a brand’s hard-earned reputation. One could successfully argue that the most difficult attack to defend against is the stealth-based approach, in which conversation and information gathering occur very subtly outside the scope of advanced detection tools and beneath the radar of even the best-constructed defenses. See our recent blog post here on examples of this type of rapport-based attack.

'Social engineering is not clicking, it’s not phishing, it’s not even spear-phishing; it’s the exchange of information that is backed by malicious intent by one or more of the individuals involved.'

Every company now faces a challenging paradigm, which is the balance between effectively promoting their products, brands, and people while still successfully defending against how that very same information can be used against them.  Barracuda Sentinel is engineered with multiple layers of technology in order to protect you from these threats.  Still, it's important for your users to understand that social engineering is not clicking, it’s not phishing, it’s not even spear-phishing; it’s the exchange of information between individuals and an unauthorized source that is backed by malicious intent by one or more of the individuals involved.

Successful risk mitigation requires the application of a risk-based approach at the human layer that explores and answers more than just who clicked and who did not. The threat landscape as it relates to social engineering is constantly advancing and adapting in order to accomplish more with less effort. Successful attacks are often founded on building trust, preying on human curiosity, and upgrading from traditional attacks to scams that are harder to detect. Attackers know this, and it’s the very premise of most “Capture the Flag” contests that are sponsored and run throughout the year within the IT community to conclusively demonstrate it.

Reducing risk as it relates to social engineering requires awareness and technologies that are designed to detect these attacks. Barracuda Phishline shows your employees the latest attack techniques, which helps them recognize the subtle clues and stop email fraud, data loss, and brand damage. Barracuda Sentinel protects companies from spear phishing and cyberfraud by stopping impersonation, domain spoofing, and hijacking.

 

Your Office 365 Email is Vulnerable to Thousands of Cyber Threats, and the biggest threats may already be in your Inbox! Get a free Email Threat Scan here.

For more information on how to protect your company from spear phishing and cyberfraud, visit www.barracuda.com.  We offer free trials on all of our email security solutions.  
