We define Social Engineering as ‘attacking the human’. That sounds quite brutal, and although in the world of cyber this is not a physical attack against a human, it is a threat that seeks out human vulnerabilities.
I normally talk about what makes us human by describing your average person as:
Loving and trusting. Most people on the planet are kind, charitable and peaceful.
Pack animals. We are, by our very nature and existence, herd or pack animals. We live in close family units, within towns or cities and countries with history, traditions and culture that make us who we are. We are also very patriotic, family orientated and biased because of our way of life. We also follow the herd for a large percentage of the time.
Lazy. We will normally take the quickest or easiest route available. Whether that be a trip to the shops, path to success or way to make money – if there is a quick and easy option, we will take it.
There are lots of other traits that make us who we are and of course there are some that don’t fit into this general model.
The attributes above give us strength – but inversely make us vulnerable.
When there is a realistic threat which seeks to exploit a vulnerability – then we are all at risk of attack.
Cyber threats that involve social engineering are widespread and the techniques, tactics and procedures employed by threat actors are equally diverse.
One thing that criminals in particular are good at is evolving and developing new techniques quickly to circumvent problems or to exploit new avenues of opportunity.
We witnessed this several years ago at the outbreak of Covid. Criminals in all forms were using the vulnerability of humans to exploit them. Watering Hole sites, phishing campaigns and online fraud using the cover of Covid all sprang up.
And so it should be no surprise that the outbreak of war in Eastern Europe presents an opportunity for cybercriminals to rejig their tactics to exploit those human traits.
We all want to help. If you are not able to sponsor a refugee, then the easiest way to help is to make a donation to a charity which is helping. That serves several purposes: it helps your fellow human, makes you feel good about doing something, and is quick and easy. Some others have rented vans and trucked to Poland to deliver aid, others are running marathons and some are physically in place to assist NGOs where they are needed.
Me – I will log on and donate a couple of quid.
But let the donator beware! In the latest NCSC Weekly Report (25 Mar 2022) there is a small but perfectly formed item entitled ‘Phishing scams ‘fundraising’ for Ukraine’.
https://www.ncsc.gov.uk/report/weekly-threat-report-25th-march-2022#section_2
Already Action Fraud (in the UK) have received nearly 200 reports of scam emails purporting to raise money for those affected by the conflict.
It is important to help if you can. But it is important to ensure that your help is directed to the right cause.
Phishing campaigns are becoming more sophisticated. We are all vulnerable to them. At a time of heightened vulnerability the risk is bigger.
In the words of Ed Sheeran – before you save someone else, make sure you save yourself from online fraud (note: not the actual lyrics).