Social engineering is a term that encompasses a wide range of malicious activity, but it’s broadly defined as the use of deception to manipulate individuals into revealing confidential or personal information that may then be used for fraudulent purposes or to gain unauthorized access to a computer network.

Common cyber-attacks that use social engineering techniques to dupe victims into divulging their data include pretexting, tailgating, Business Email Compromise (BEC), quid pro quo, baiting, phishing and spear phishing.

In 2019 alone, 88% of organizations around the world experienced spear phishing attempts in 2019 while 86% were targeted by BEC scammers.

In this episode of CQ Hacks, Paula Januszkiewicz demonstrates some of the ways in which users can be tricked into turning their data over to threat actors.

Paula shows how a seemingly innocent Microsoft Teams notification can actually be a cunning trap laid by a hacker. Using the tool Evilginx, a threat actor can create and deliver their own phishing campaign that allows them to capture a victim’s login credentials.

To the victim, the phishing attack will appear as a legitimate email that has been sent from an address that looks genuine, such as noreply@microsoft.online.com. However, contained within the email is a malicious link that will take the victim to a spoofed website, cleverly built to mimic the real Microsoft Teams login page.

When the victim enters their credentials to login, the attacker is able to steal their username and password and use it for nefarious purposes, such as logging onto another user’s portal.

Take a closer look at social engineering and join CQURE brand-new Social Engineering and Phishing Mastery Course and learn how to catch a phish.