cyber security engineer careers

 What is social engineering and why is the approach to cybersecurity changing?

This concept, which specifically refers to the modality through which the attacker makes a detailed follow-up of the victim, collecting information and looking for a space outside the increasingly elaborate computer security systems, human psychology.

The social engineer uses the study of users' digital consumption to create a profile of the victim, but also pays special attention to their daily behavior outside the technological environment: going out to restaurants, shopping centers or any recurring or predictable activity.

The offender's ability consists of converting the data obtained into opportunities to attack, through techniques that generate curiosity, a sense of urgency or fear in the possible victims, according to their profile and according to the information they want to obtain.

TOO GOOD TO BE TRUE

Have you received invitations or "promotions" in which they offer you access to free movie or music streaming services? Surely. Believe it or not, this is still an effective way to collect personal and business data.

Now, imagine that this is just a random attempt by cybercriminals. Social engineering goes one step further and generates segmented actions aimed at capturing the data of a certain person through:

Wifi access points

Phone calls

Instant messaging and SMS

External USB memory

THE PHISHING

It is the most effective modality of social engineering attacks. It is about the theft of data, credentials and passwords through malicious emails in which impersonating brands, people and even job profiles, with a click of the victim can generate the installation of malware, freezing the system as part of an attack of ransomware or the theft of confidential information.

"91% of cyberattacks start with a spear phishing email"

CYBER CRIME AS A SERVICE

It is such a profitable business that there is currently a criminal environment dedicated to creating and providing phishing attacks, using global botnets to avoid the use of suspicious IP ranges, in the best style of the most sophisticated marketing strategies. In many cases with better results.

This is how we are beginning to see BEC (Business Email compromise) scams, a dangerous new subset of phishing attacks that allows attackers to expand their profits by targeting high-value corporate targets cyber security engineer careers.

TRACKING LEVEL (CLICS) OF PHISHING EMAILS

social engineering

Source: Verizon 2016 DBIR & Experian Email Benchmark Report Q4 2016

Signs to watch out for to discover potential phishing attempts, take note: