Social engineering has been one of the largest threats to an organization’s cybersecurity for some time. Scammers are becoming more clever and sophisticated in their attack methods, and the global outbreak of coronavirus has shown that these criminals are not afraid to prey on high levels of public fear and the extensive spread of misinformation to develop new campaigns for their financial gain.

I don't know anyone who hasn’t received at least one scam call already this year — I received two yesterday alone.  In the past two weeks, I've had scam phone calls from Belgium, Uganda, Senegal, Cuba, and Estonia and multiple from Australia.  It’s not surprising, then, that phone scams are receiving increased mainstream media coverage, and increased focus from regulatory bodies.

Social engineering scams have been around for years, and have been mostly used for phishing and vishing (compromising user credentials). But cybercriminals have taken phone-based scams to a new level of sophistication — and it’s paying off.

Social engineering is one of the fastest growing threats to a business’s cyber security. In social engineering attacks, a fraudster works to gain the confidence of a victim and manipulate them to hand over or enter personal, confidential information that can then be used to commit fraud online. In 2016, 60% of enterprises were victims of social engineering attacks. And phishing, a form of social engineering, accounted for 90% to 95% of all successful cyberattacks worldwide in 2017.