1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Near-flawless Social Engineering attack spoiled by single flaw

Discussion in 'CSO' started by RSS, Oct 8, 2015.

  1. RSS

    RSS New Member Member

    A reader recently shared an email that was sent to their comptroller, which by all accounts was a near-perfect social engineering attempt. However, awareness training, combined with full executive support to question any suspect request, prevented what could've been a massive financial hit to the organization.

    The email, which was addressed to the comptroller from an account that (at a glance) belongs to the CEO, is itself similar to prior communications she had gotten from him.

    The email mirrors the organization's Outlook template, uses the CEO's image, even the clip and tone of the message itself looks normal. There are spelling errors, and formatting issues, but again these are expected in quick communications and rather common during day-to-day operations.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page