2025 Foundational Application of Social Engineering

Social Engineering Trends and Insights for Q4: What to Expect in the Fourth Quarter

Share This Post

As the year progresses, so do the social engineering scams. We know these scams are on the rise, but what exactly are they, and how do we protect our companies from them? Let’s look at 2 common social engineering scams we expect to see in the fourth quarter of 2024 and discuss ways to stay secure so we can be prepared.

Social Engineering Trends and Insights for Q4

Business Email Compromise Scams

The FBI states that business email compromise (BEC) scams are “one of the most financially damaging online crimes.” In a BEC scam, malicious actors will send an email purporting to be from a known source, which makes it appear like a legitimate request. The FBI provides the following examples:

 A vendor your company regularly deals with sends an invoice with an updated mailing address.

  • A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
  • A home buyer receives a message from his title company with instructions on how to wire his down payment.

What are the ways we can protect ourselves from these scams? The FBI provides the following tips:

  • Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling, in any correspondence.
  • Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
  • Verify payment and purchase requests in person, if possible, or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the requests.

Vishing and AI Scams

If you have been on the internet in past months, no doubt you have noticed that AI gets mentioned nearly everywhere. One thing is sure, AI is here, and it is here to stay. AI has even been used in connection with vishing (or voice phishing) scams. Criminals are leveraging generative AI to clone voices and use them in vishing attacks. Reports of attackers posing as family members in need of money have been flooding in. In one instance, an attacker called someone impersonating their granddaughter. The individual being targeted was so convinced that this was their granddaughter that they gave the attacker their money. Unfortunately, we can expect to see cases like this increase in quantity. Additionally, these same techniques can be used to impersonate your company CEO, manager, or other employees with privileged access.

What about vishing without the use of AI, though? Is it a threat? We saw this demonstrated in a real-world example with the MGM Resorts cyberattack. This attack, costing MGM over $100,000,000, started with a vishing call to the organization’s help desk. Using information scraped from social media, the attacker posed as an MGM Resorts employee. This attacker was eventually able to leverage this information to gain administrator rights and deploy ransomware. This clearly shows the danger of vishing, even without the support of AI.

Remain Secure

Knowing the above, what can we do to protect our companies from vishing scams? Most importantly, don’t wait for the attack—be proactive and secure your business with our Managed Vishing Service. The experts at Social-Engineer are certified professionals trained to duplicate the tactics of real attackers, which means your team learns to deal with genuine threats.

Testing and training your employees are the primary ways to ensure they are ready for real world scenarios. Let us help you in strengthening your human firewall now, so we are all prepared for quarter four.

Links

https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/business-email-compromise

https://www.social-engineer.com/managed-services/managed-vishing-service/

https://www.social-engineer.com/managed-services/managed-phishing-service/

https://www.social-engineer.com/business-email-compromise-fraud-social-engineering-news/

https://www.social-engineer.com/vishing-attacks-and-ai/

 

More To Explore

Soft Skills for Cybersecurity Professionals
General

Soft Skills for Cybersecurity Professionals

As cyber threats continue to increase, so does the need for cyber security professionals. Some of the skills needed to succeed in the field of cyber security are programming skills,

Social Engineering

Keeping it Simple in Cybersecurity 

Today, the cybersecurity industry focuses a lot more on complicated solutions and tools. Companies are always looking to improve their security measures with the latest technologies. However, attackers often choose