Social engineering has been a popular attack vector for criminals, both in the online and offline world. Over time, some of these social engineering attacks have evolved over time. Three types of attack have made a significant impact in 2016, and it is likely similar methods will be used throughout 2017 and beyond.
#3 The Resume Spam And Ransomware
Initially discovered in June of 2015, the “resume social engineering attack” has proven to be quite successful. Criminals send batches of emails to enterprises and retailers. Every email contains a message in which someone sends over their resume in the hopes of landing a job. Although these messages may seem harmless, they are capable of wreaking a lot of havoc.
To be more precise, these spam emails involve a ransomware-laden email attachment. The resume in question contains the CryptoWall 3.0 ransomware family, which locks down the infected system and demands a Bitcoin ransom. In 2016, similar spam email campaigns have been noted by security experts. Using infected attachments remains a popular way of distributing ransomware, a trend that will most likely continue throughout 2017.
#2 Olympic Vision And SnapChat
A somewhat new type of criminal activity revolves around compromising business emails. By turning employees into criminal accomplices, criminals have found new ways to exploit human nature. Olympic Vision was one of the more successful BEC social engineering schemes, causing close to US$130,000 in damages to every company it infected in 2015.
In March of 2016, a BEC scam showing a lot of similarities to Olympic Vision targeted Snapchat employees, resulting in company information being stolen and exposed. Although this did not damage the day-to-day operations of SnapChat, it goes to show even technology companies are vulnerable to social engineering.
#1 SS&C Technology BEC Scam
Perhaps the biggest social engineering attack of 2016 targeted Wall Street technology firm SS&C Technology. The company lost US$6m due to a Business Email Compromise scam. Tillage Commodities Fund, a US investment firm, filed a lawsuit against SS&C Technology as a result of this cyber threat in September of 2016.
Six fraudulent money transfers were made during this scam, three of which were sent overseas. However, SS&C Technology failed to verify the legitimacy of these transfers, as they processed payments without requesting the necessary redemption letters. Moreover, sending funds to foreign entities is not something the Tillage fund has ever done, and the Wall Street tech firm should have known better.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.