Phishing and social engineering accounted for 15 percent of cyber-crime costs incurred by U.S. companies in 2014, according to Statista.com. Furthermore, 44% of U.S. companies responding to a recent survey stated that they were targets of social engineering or phishing schemes (Statista).
Social engineering, phishing and vishing are everywhere you look these days. Fake IRS telephone scammers, recent large financial institution (FI) breaches via email scams, penetration testing failures, executive level breaches, you name it – it has happened.
Have you been lucky enough to receive a telephone call from the ‘Department of the IRS’ this year? No? I actually received two. Being the risk mitigation geek that I am, I couldn’t resist baiting the fraudster just a bit, asking as many questions as I could muster, keeping him on the line with me for as long as possible. It was a fascinating glimpse into the not-so-sexy world of the vishing scheme. They were probably armed with little more than a search engine and a telephone. They didn’t even know enough about the Internal Revenue Service to use proper nomenclature.