Over the past 2 years, since the Covid-19 pandemic began, almost 50% of companies have not changed their information security landscape, despite the shift in networks from brick and mortar to hybrid and remote (ref). Even though environments have changed so little, we are still getting hit by attackers through simpler, avoidable means.
Have you ever gotten an email from your boss, whose address you know to be john.smith@yourcompany.com, but the email header says jsmith@almostyourcompany.com?
Recent studies found that impersonating your boss accounts for the most instances of social engineering (ref). Some of these impersonation emails deliver malware whose purpose is to exploit data in your environment and capture passwords. A recent study also found that passwords are shared across different accounts, and a recent test found that these have included admin accounts as well (ref). Other impersonation emails aim to develop a line of communication and exploit it, as in the example above.
Just as you read over your email before you send it, you should also pay attention to who is sending email to you.
Reference:
- (Brooks C. 2022) Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know, Chuck Brooks, June 3, 2022, 03:57pm EDT. (https://www.forbes.com/sites/chuckbrooks/2022/06/03/alarming-cyber-statistics-for-mid-year-2022-that-you-need-to-know/?sh=73665bb17864)