Pub. 8 2018-2019 Issue 4

22 O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S unfortunately, social engineer scams and phishing accounts only seem to be growing, year after year. What do Social Engineering Tactics andBreaks inCybersecurity Look Like? There are many forms of social engineering scams and cybersecurity breeches. This list takes a look at some of the most common forms that every- one needs to become familiar with. Phishing Scams There’s a reason why phishing scams and other forms of online finan - cial fraud are so easy to fall for: It can be incredibly hard to make them out from the real things they represent. A case-and-point example is email-driv - ing phishing scams. They seek to ob - tain personal information—like legal, addresses, security numbers, and banking information—to help “facili- tate” transactions; these are especially common after-tax season when scam agencies claim to be IRS agents that are keen on taking funds for unpaid taxes. In some cases, they’ll even shorten embedded URL links, which appear to be legitimate, to later redirect them to a fraudulent website. Spear phishing Spear phishing is a technique that fraudulently acquires private infor- mation by sending customized emails to few system users. The difference between phishing attacks, and spear- fishing attacks is that phishing scams send out high volumes of emails with the expectation that only a few people will respond, whereas spear phishing emails require the attacker to take a more substantial, targeted interest in their targets in order to "trick" end users into performing requested activi- ties. The success rate of spear-phishing attacks is considerably higher than phishing attacks. Pretexting According to Social Engineer.org, “pretexting is defined as the practice of presenting oneself as someone else to obtain private information. It is more than just creating a lie, in some cases, it can be creating a whole new identity and then using that identity to manip- ulate the receipt of information.”