by (NEXSTAR) – On Friday, the Federal Bureau of Investigation released a warning about Scattered Spider, a cybercriminal group currentlytargeting the airline industry.The group, reportedly responsible for cyberattacks on several Las Vegas casinos in 2023, is believed to heavily utilize "social engineering" methods in its attacks—a strategy aimed at manipulating victims into granting access or information.
“In a social engineering attack, an attacker leverages human interaction (social skills) to acquire or undermine information related to an organization or its computer systems,” according to the Department of Homeland Security’sCybersecurity and Infrastructure Security AgencyCISA describes these kinds of scams. According to CISA, attackers might use that information to impersonate a trusted individual employed by or associated with the victim's organization in an attempt to gain access.
Scattered Spider has employed social engineering techniques such as pretending to be company employees or outside contractors in order to trick IT help desks into providing access, as well as persuading help desk staff to register unauthorized [multi-factor authentication] devices to already compromised accounts.according to the FBI.
However, social engineering can manifest in various ways and may target ordinary individuals, not just businesses.
"Usually, older adults are the most susceptible to social engineering tactics, but they aren't the only ones affected," said John Young, a cybersecurity specialist and chief operating officer of an encryption firm.Quantum eMotion America.Lonely individuals often become targets of romance scams; those seeking quick rewards may fall for schemes promising fast wealth; and even experienced people driven by a fear of missing out can be deceived by investment frauds.
These kinds of attacks are extremely prevalent as well. Fraudsters frequently reach out to possible victims via email or text messages (known as phishing and smishing scams) and occasionally by phone, often pretending to be a financial institution or online retailer, and request that the victim confirm their personal details or account passwords.
Joseph SteinbergAccording to , a cybersecurity specialist and the writer of "Cybersecurity for Dummies," these attacks take advantage of a vulnerability in the human mind.
“We’re not built to sense dangers that are far off. … For most of history, surviving didn’t require us to be concerned about threats from someone unseen, 3,000 miles away,” Steinberg said to Nexstar.
“But people tend to place more trust in technology than in other individuals,” he continued. “If I approached you on the street and claimed your banker instructed me to tell you to reset your password, you wouldn’t believe me. However, if you receive an email that appears to come from [a bank], it might be a completely different story.”
It's becoming increasingly difficult to distinguish social engineering attacks from genuine interactions. As highlighted by cybersecurity teams at organizations likeCrowdStrike, IBM and Yale University.
Artificial intelligence can enable malicious individuals to produce deepfakes—synthetic images, videos, or audio recordings that are almost impossible to tell apart from real ones—in an attempt to deceive others. Steinberg mentions having witnessed this method used over the phone, where fraudsters employ deepfake audio to imitate the voice of a victim's family member requesting money or confidential information.
Every time I've witnessed it in action, it functions properly," he remarked. "The AIs are truly that capable.
CISA provides a variety ofTips to reduce the chances of becoming a victimSocial engineering attacks can be mitigated by taking precautions such as minimizing the personal information you post online and reaching out to a bank or company directly—using contact details from their official sources—if you receive a suspicious email or message, to confirm its legitimacy.
With AI now in play, Steinberg also recommends creating a plan to confirm the identity of family members—and especially children—if they receive a questionable call from someone claiming to be a loved one.
“I’m going to ask them for a piece of information that only my child would know,” Steinberg said.
By grasping how these tools work, the risk of falling victim can be significantly reduced, even if it cannot be entirely removed.
“The key is to truly understand that you are a target,” Steinberg stated. “When you believe that someone might be trying to trick you, your behavior naturally changes.”
Young also mentioned that a skeptical mindset can be particularly beneficial for vulnerable populations to embrace.
I lead free classes for AARP aimed at senior citizens, and when I mention that scammers used to be called con artists, it really resonates with them," he explained. "That's right—today's scammers are simply a modern term for the same type of individuals who have been using charm and manipulation, otherwise known as social engineering, for ages.
Copyright 2025 Nexstar Media, Inc. All rights reserved. This content may not be republished, aired, modified, or shared in any way.Get the latest updates on news, weather, sports, and streaming videos by visiting 28/22 News.
No comments:
Post a Comment