Social engineering has been a popular attack vector for criminals, both in the online and offline world. Over time, some of these social engineering attacks have evolved over time. Three types of attack have made a significant impact in 2016, and it is likely similar methods will be used throughout 2017 and beyond.
Initially discovered in June of 2015, the “resume social engineering attack” has proven to be quite successful. Criminals send batches of emails to enterprises and retailers. Every email contains a message in which someone sends over their resume in the hopes of landing a job. Although these messages may seem harmless, they are capable of wreaking a lot of havoc.
To be more precise, these spam emails involve a ransomware-laden email attachment. The resume in question contains the CryptoWall 3.0 ransomware family, which locks down the infected system and demands a Bitcoin ransom. In 2016, similar spam email campaigns have been noted by security experts. Using infected attachments remains a popular way of distributing ransomware, a trend that will most likely continue throughout 2017.
A somewhat new type of criminal activity revolves around compromising business emails. By turning employees into criminal accomplices, criminals have found new ways to exploit human nature. Olympic Vision was one of the more successful BEC social engineering schemes, causing close to US$130,000 in damages to every company it infected in 2015.
In March of 2016, a BEC scam showing a lot of similarities to Olympic Vision targeted Snapchat employees, resulting in company information being stolen and exposed. Although this did not damage the day-to-day operations of SnapChat, it goes to show even technology companies are vulnerable to social engineering.
Perhaps the biggest social engineering attack of 2016 targeted Wall Street technology firm SS&C Technology. The company lost US$6m due to a Business Email Compromise scam. Tillage Commodities Fund, a US investment firm, filed a lawsuit against SS&C Technology as a result of this cyber threat in September of 2016.
Six fraudulent money transfers were made during this scam, three of which were sent overseas. However, SS&C Technology failed to verify the legitimacy of these transfers, as they processed payments without requesting the necessary redemption letters. Moreover, sending funds to foreign entities is not something the Tillage fund has ever done, and the Wall Street tech firm should have known better.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
Step Finance has disclosed a significant security incident involving its protocol-owned funds, marking one of…
The crypto industry is once again grappling with a rising wave of security breaches as…
Ethereum co-founder Vitalik Buterin is once again challenging a popular crypto narrative, this time around…
Shockwaves moved through the Solana ecosystem after DeFi dashboard and portfolio platform Step Finance confirmed…
Tether has released its Q4 2025 quarterly attestation, and the numbers confirm what much of…
Lighter is officially stepping beyond its roots as a high-performance perpetual DEX with the launch…