Among social engineering attacks, phishing is the most common.
Phishing scams are usually done through emails, social media, or phone calls and appear legitimate on the surface.
Scammers pretend to be trusted individuals and persuade the user to give up private information by creating a situation in which it seems logical for them to provide their data.
There are two types of phishing scams:
1. Spam phishing
is carried out on a wide scale and targets multiple users at once through fake forms or links.
2. Spear phishing
targets a specific individual to draw out confidential information such as bank details.
If you want to know just how effective and dangerous social engineering attacks are, look at Google and Facebook.
Between 2013 and 2015, Evaldas Rimasauskas, a Lithuanian man, and his team set up a fake computer manufacturing company.
This company claimed to work with the two powerhouses and sent phishing emails to Google and Facebook employees, invoicing them for services.
They then deposited the money (up to $100 million) directly into fraudulent bank accounts.
In 2019, Rimasauskas received a 5-year prison sentence.