Privacy laws, like any other infosecurity control, have exploitable vulnerabilities. For social engineering purposes, GDPR has a number of real benefits. Firstly, companies only have a month to reply to requests and face fines of up to 4 per cent of revenues if they don't comply, so fear of failure and time are strong motivating factors.
From the bedroom of the Leicestershire home he shared with his mother, Kane Gamble used “social engineering” to access the personal and work accounts of some of America's most powerful spy chiefs.
As banks have upped their security systems, fraudsters have realised mobile phone security is much easier to get around, and can be the key to accessing a bank account. The cases should serve as a warning to anyone who uses their mobile phone to verify themselves to their bank – by one-time passcodes or similar.
Often overlooked by information security providers, impersonation attacks are an easy and effective way to gain trust through a combination of social engineering and technical means.
Technology breeds crime—it always has and it always will. There’s always going to be people willing to use technology in a negative, self-serving way. So today it’s much easier, whether it’s forging checks or getting information.
LinkedIn is a treasure trove of easily accessible personal information and company IT data. Unbeknownst to most of the employees who post their information on LinkedIn, any hacker looking to wreak havoc on a company’s highly sensitive, business-critical data could find his or her point of entry using this ubiquitous business networking forum.
Twitter is an incubator of phishing thanks largely to the prevalence of typos and shortened URLs that make it hard for users to know exactly where links are taking them.