Phishing Dark Waters – The Offensive and Defensive Sides of Malicious Emails


Authors: Christopher Hadnagy & Michele Fincher. – Published by WILEY


Social engineering. Those two words have become a staple in most IT departments and, after the last couple years, in most of corporate America, too. One statistic states that more than 60 percent of all attacks had the “human factor” as either the crux of or a major piece of the attack. Analysis of almost all of the major hacking attacks from the past 12 months reveals that a large majority involved social engineering—a phishing e-mail, a spear phish, or a malicious phone call (vishing).
I have written two books analyzing and dissecting the psychology, physiology, and historical aspects of con men, scammers, and social engineers. And in doing so, I have found that one recent theme comes up, and that is e-mail. Since its beginning, e-mail has been used by scammers and social engineers to dupe people out of credentials, money, information, and much more.
In a recent report, the Radicati Group estimates that in 2014 there was an average of 191.4 billion e-mails sent each day. That equates to more than 69.8 trillion e-mails per year.1 Can you even imagine that number? That is 69,861,000,000,000—staggering, isn’t it? Now try to swallow that more than 90 percent of e-mails are spam, according to the information on the Social-Engineer Infographic.2 E-mail has become a part of life. We use it on our computers, our tablets, and our phones. In some groups of people that I’ve worked with, more than half the people have told me that they get 100, 150, or 200 e-mails per day!
In 2014, the Radicati Group stated that there are 4.1 billion e-mail addresses in the world. Using that figure and a calculator, I discovered that the average is almost 50 e-mails per person per day, every day of the year. Because we know that not every single person in the world gets that many messages, it is not inconceivable to think that many of us receive 100, 150, or even 250 e-mails per day.
As people get more stressed, as workloads increase, and as the use of technology reaches an all-time high, the scam artists, con men, and social engineers know that e-mail is a great vector into our businesses and homes. Mix that with how easy it is to create fake e-mail accounts, spoof legitimate accounts, and fool people into taking actions that may not be in their best interests, and we can see why e-mail is quickly becoming the number-one vector for malicious attackers.
When we are not running social-engineering competitions at major conferences like DEF CON, and Michele is not fighting with students (real story, I swear), we travel the globe to work with some of the biggest and best companies on their security programs. Even companies that know what they are doing and have robust programs for security awareness and protection are still falling victim to the threat of phishing.
We wrote the pages of this book with that experience in mind. We asked ourselves, “How can we take the years of experience in working with some of the world’s largest companies and help every company put a plan into action to make the most of phishing education?”
