Companies believe they will suffer a breach in customer data next year.

Social engineering is a malicious practice that aims to obtain sensitive information, doing so through the manipulation of legitimate users so that they reveal it to the attacker.

Every day there are new companies that have been damaged through social engineering.

Learn about the most vulnerable asset types for your organization:

• Information.
• Instances or servers.
• Hardware or software.
• Processes.
• Customer or employee databases.

Care! The most frequent social engineering strategies are:

1. Spear phishing

It is related to phishing, although this method is a bit more complex. It is a campaign aimed at employees of a particular company, from which cybercriminals want to steal confidential data.

1. Phishing

It is a very old method that is still used today to deceive users, sending spam emails in order to obtain any type of data or confidential information such as; usernames, passwords, access keys and passwords, among others.

1. Vishing

It is carried out by telephone. The attacker pretends to be a trusted employee, requesting confidential data: passwords, customer account access, systems, names of databases, instances and/or servers, among others.

What to do to prevent or in case of a possible attack?

• Raise awareness among users on social engineering issues.
• Phishing and Vishing tests.
• Report any spam email to a security officer in order to avoid any risk or threat within your organization.
• Avoid entering data into insecure Web sites or portals.
• Be cautious in links that arrive by message or email.

Do you have questions or would you like to learn more?

At Itera we can provide you with consulting services and solutions.

Contact a specialist:

delfino.vazquez@iteraprocess.com

seguridad@iteraprocess.com