December's awareness topic is one of our regular annual topics. Social engineering has been around for millennia - literally, in the sense that deliberate deception is a survival strategy adopted by many living beings, right back to primordial times.
So, what shall we cover this time around?
In 2018, the NoticeBored awareness module took a deep dive into phishing, a modern-day scourge ... but definitely not the only form of social engineering, despite what those companies pushing their 'phishing solutions' would have us believe. We picked up on 'business email compromise' as well, another name for spear-phishing.
In 2017, we explored 'frauds and scams' in the broad, producing a set of 'scam buster' leaflets explaining common attacks in straightforward terms, illustrated with genuine examples and offering pragmatic advice to avoid falling victim to similar tricks.
Back in 2016, the 'protecting people' module covered: social engineering attacks, scams and frauds, such as phishing, spear-phishing and whaling; exploitation of information and people via social media, social networks, social apps and social proofing e.g. fraudulent manipulation of brands and reputations through fake customer feedback, blog comments etc.; the use of pretexts, spoofs, masquerading, psychological manipulation and coercion, the social engineer’s tradecraft; and significant information risks involving blended or multimode attacks and insider threats.
Although we already have lots of content to draw upon and update, we always aim to cover current threats, which means this week our research phase draws to a close with a clearer idea of the scope of December's module, plus a bunch of recent incidents to illustrate the materials.
As to precisely what aspects of social engineering we'll be covering this time around, I'll drop a few more hints here on the blog as the module comes together.