News Feed

FBI’S Internet Crime Complaint Center Warns of Increased Social Engineering Attacks

Thu, Jun 16, 2016


The FBI’s Internet Crime Complaint Center (IC3) recently warned of increased social engineering attacks in the form of email extortion campaigns and technical support scam calls, also known as vishing. The email extortion attacks are believed to stem from recent data breaches like those of Anthem and the IRS, as massive amounts of personal data were stolen. The extortion emails target data breach victims and threaten to release personal information to social media contacts, family, and friends if a ransom is not paid. The FBI advises against ransom payment as it can lead to additional criminal activity. The following includes example text from one of the fraudulent emails:

“Unfortunately, your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”

The FBI also noted increased technical support vishing calls. In this scenario, a hacker claims to be an employee or affiliate of a well-known computer software or security company and offers the victim technical support for their computer. Recent complaints to the IC3 specified that some hackers are claiming to be with cable or Internet companies and are telling the victim they received problematic notifications from their Internet connection. In another variation of these recent vishing attacks, a hacker will contact the victim offering a refund for prior technical support provided by a company that has since closed.

In the first four months of this year, the IC3 received 3,668 complaints with $2,268,982 in associated financial losses.

Now, more than ever, it is critical to ensure that your employees are armed with the knowledge necessary to identify, prevent and respond to social engineering attacks. This can be accomplished through regular security awareness training and third-party social engineering testing.  


Source: tracesecurity blog