From the most mundane spam to the most sophisticated targeted exploit, most online attacks begin with a simple step: fooling a human.
Whether it's phishing, watering holes, social networking scams, or some other form of social engineering, most attackers agree that it's easier to fool a user into downloading malware or giving up a password than it is to crack a computer-based defense system. In many cases, all the attacker has to do is find one user who's willing to click on a bad link -- and they're in.
On today's Dark Reading Radio show at 1:00 p.m. Eastern, we'll be taking a look at some of the latest trends and threats in the world of phishing and social engineering, including some of the most recent attacks that led to major business breaches and some new attacks that may affect users in your organization. I'll be joined on the show by Scott Greaux, an executive at security firm PhishMe who follows these trends and threats and can offer some insight on how they work and how your users can recognize them.
From the early days of easy-to-spot Nigerian money scams, online social engineering has evolved a great deal over the years. Today's attacks are not always simple ploys to get users to download malware via email -- they may involve infecting your users' favorite websites ("watering holes"), detailed surveillance of specific users via social networks, or even phone calls or personal visits designed to fool individual users into giving up their passwords. Today's show will look at some of these current scams, and how your organization can detect them before they go too far.
A key part of the discussion will be the tools and techniques your organization can use to stop social engineering. While simple anti-spam programs may filter out some of the threats, it is not unusual for these attacks to elude electronic defenses and arrive safely in the end-user's mailbox or social networking account. In these cases, a program of security awareness training may help users to recognize a scam or fake email message -- and prevent the infection of your network. But not all experts agree on user training strategies. Today's show will discuss those strategies, and what works.
Dark Reading Radio offers community members a chance to not only listen to the discussion, but to participate through online chat. We hope you'll join today's show and offer your insights on social engineering -- and how to protect the organization from this constantly growing threat.