Social engineering is one of the largest threats to an organization’s cybersecurity — and scammers are only getting more clever and sophisticated in their attack methods. According to Proofpoint, in the third quarter of 2019, URL-based email threats comprised 88% of overall malicious messages. And although email remains a top method of attack, phone-based social engineering scams are among the fastest growing types of threats.In the United States, the Federal Trade Commission reported that 77% of its fraud complaints involve contacts by telephone, of which social engineering is a subset. 

I don't know anyone who hasn’t received at least one scam call already this year — I received two yesterday alone.  In the past two weeks, I've had scam phone calls from Belgium, Uganda, Senegal, Cuba, and Estonia and multiple from Australia.  It’s not surprising, then, that phone scams are receiving increased mainstream media coverage, and increased focus from regulatory bodies.

Social engineering scams have been around for years, and have been mostly used for phishing and vishing (compromising user credentials). But cybercriminals have taken phone-based scams to a new level of sophistication — and it’s paying off.

Social engineering is one of the fastest growing threats to a business’s cyber security. In social engineering attacks, a fraudster works to gain the confidence of a victim and manipulate them to hand over or enter personal, confidential information that can then be used to commit fraud online. In 2016, 60% of enterprises were victims of social engineering attacks. And phishing, a form of social engineering, accounted for 90% to 95% of all successful cyberattacks worldwide in 2017.