Phishing- A form of Social Engineering
Updated: Jun 25
Protecting your network both externally and internally requires more controls than a traditional perimeter security model and must rely on trust in user identity and device health.
Phishing is a form of social engineering - the act of deception, or taking advantage of a user’s trust to convince them to reveal sensitive information.
Spear phishing is a type of phishing attack that targets a specific individual or set of individuals. Attackers may do research on their targets via social media networks and publicly available information online, using the data to craft a credible message to convince victims to click, download or give away additional, non-public information.
Information Targeted in Phishing Attempts
Usernames and passwords that can be used to log into personal and work accounts.
Email addresses of colleagues or family and friends that can be used to send more convincing phishing emails.
Personally identifiable information like names, physical addresses, birthdates, Social Security Numbers, etc. that can be used for identity theft.
Confidential company information like details about mergers and acquisitions, research and development, and any other information that could be used to influence stock trading or for competitive gain.
Financial data a like credit card numbers, tax information or W2s that could be used to commit tax fraud and steal money.
Phone numbers that can be used to bypass two-factor authentication, as well as used to deliver SMS-based phishing campaigns.
Medical records or health insurance information like insurance policy IDs that could be used to commit healthcare insurance fraud.
#how_to_prevent_social_engineering #Email_addresses #Financial_data #ways_for_an_organization_to_prevent_social_engineering #social_engineering_real_life_examples #phishing_malware #phishing_a_form_of_social_engineering #Usernames_passwords