Cyber Security Training & Software for Companies | MetaCompliance
Six Ways Cybercriminals Use Social Engineering


Reports such as Verizon’s 2022 Data Breach Investigations Report (DBIR) place human beings as a central component in 82% of cyber attacks. Scammers use social engineering techniques to trick people into performing actions that benefit the attacker.

Social engineering is an umbrella term covering many tactics used to manipulate employees and other users. Here are six of the most common types of social engineering and how to prevent hackers from exploiting them successfully in your organisation.

Six Of The Most Common Social Engineering Attacks

1. Phishing and Social Engineering

Spear-phishing, a targeted form of phishing, is implicated in 93% of cyber attacks, according to the 2018 DBIR. Untargeted phishing is still the second most common cyber attack tactic, according to Cisco.

Phishing is an ideal medium for manipulating people, so it falls under the umbrella of social engineering. It takes several forms: beyond email phishing and spear phishing, attackers will use any channel of communication, including text messages (smishing) and phone calls (vishing), to encourage people to click a link to a malicious website, provide personal information, or download an infected attachment.

2. Social Media for Social Engineering

Social media provides a gold mine of information that cybercriminals can use to attack people, apps, networks, and data: scammers need data to feed cyber attacks, including Business Email Compromise (BEC).

When employees or other individuals share information on social media, fraudsters will be watching. According to a research paper, companies experience the following issues when employees share information on social media:

  • sharing too much information
  • loss of confidential information
  • increased exposure to litigation

The paper concludes that social media provides an open medium for sharing that compounds the challenge of social engineering.

3. Tailgating and Piggybacking

Tailgating is one of the oldest social engineering scams in the book. Tailgating, or piggybacking, is usually thought of as a physical scam but can be digital too. In the physical world, tailgating is exemplified by the fraudster who slips into a company’s office building unnoticed. Fraudsters know how to look inconspicuous, allowing them to enter a building without authorisation or to “piggyback” on someone who is entering legitimately.

Once inside, they can trick employees into sharing account credentials, such as passwords, or use hacking tools to steal data directly from computers. They may even use the old trick of looking over the shoulder of someone logged into a sensitive area of the network.

4. Pretexting

Scammers often need data to ensure a social engineering scam succeeds. As mentioned above, the hacker can gather the information needed to trick a person using social media, phishing, and tailgating. Pretexting uses social engineering to make people believe that the scammer is someone in authority or someone authorised to be in a particular place: in other words, the fraudster impersonates someone.

For example, they may pretend to be a contractor or C-level executive; this may seem unlikely, but a confident fraudster can make this happen in a large organisation with multiple offices.

5. Baiting

People love free stuff, and baiting uses this behaviour to trick employees into handing over information such as sensitive data or financial details. For example, the fraudster will pick an employee or send a mass email offering a free product, such as a movie download. If the employee presses the download button, the result is an infected device.

This is an effective way to install malware. An example of this in action was the pirated version of Game of Thrones, which became the most malware-infected TV show of all time in 2018; in all, 126,340 users were infected with malware when they downloaded the pirated version of the show.

6. Quid Pro Quo

Quid Pro Quo is a Latin phrase (“this for that”) describing an exchange of one thing for another, such as goods or services. Cybercriminals want data, and a Quid Pro Quo is one way to get at that data.

A typical Quid Pro Quo attack would work like this: an employee receives a call from ‘tech support’ who tells them there is a ransomware attack underway and they need to remove the virus before it damages the employee’s work. The hacker must have the employee’s username and password to do so. If the employee falls for this ruse, the hacker will have access to the company network, which they can use to escalate privileges to more sensitive areas.

Three Ways to Protect Your Employees from Social Engineering Attacks

1. Put Processes and Policies in Place

Social engineers often rely on poor processes that leave security gaps for them to exploit. In tailgating, for example, the intruder may depend on a lack of checks on people entering a building. Social engineers also rely on trust in authority figures to encourage an employee to act, such as transferring money, as seen in a BEC scam.

Most social engineering scams need data, so the scammers turn to social media or phishing to pick up the information they need to carry out a cyber attack. Robust processes that add checks and balances whenever an action such as money or data transfer occurs can help prevent a social engineering attack. Policies that ensure that employees do not overshare on social media platforms help to avoid this form of data harvesting.

2. Train Employees in Social Engineering Tactics

Social engineering takes many forms, and the cybercriminals behind social engineering attacks adjust these scams to avoid detection. Therefore, Security Awareness Training packages should include training in social engineering tricks, including the six scams described above.

Training must be engaging, using modules that are interesting, fun, and informative.

The security awareness platform should also offer ways to capture the success rate of a training package to ensure that your organisation can update and adjust the training to create the best results possible. Training employees to recognise social engineering attacks should be performed regularly to capture changes in threat patterns.

3. Use Simulated Phishing Programs

Phishing is a core technique that many social engineering attacks rely on. Spotting the tell-tale signs of a phishing email or other phishing message is a vital first line of defence against social engineering attacks. 

Phishing simulation software provides templates that can be tailored to reflect current social engineering tricks. These are then sent out to employees and other business associates in the normal way. If a user clicks on a malicious link or goes to download an attachment, the simulated phishing platform intervenes with a lesson on what would have happened had they continued.
