This is a timely article I put together for internal distribution as part of a Security Awareness program. Feel free to grab and use as part of your Security Awareness program.

Link: https://www.ic3.gov/Media/Y2024/PSA240411  

The Federal Bureau of Investigation (FBI) has issued an alert regarding an increase in social engineering attacks that cybercriminals are using to compromise personal and corporate accounts. The techniques identified include impersonating employees, SIM swap attacks, call forwarding, simultaneous ringing, and phishing—each designed to manipulate victims into divulging sensitive information. 

Social Engineering Techniques: 

• Employee Impersonation: Cybercriminals pose as company employees to trick IT or helpdesk staff into granting them network access. 

• SIM Swapping: Attackers deceive mobile carriers to transfer a victim’s phone number to a device they control, potentially bypassing multi-factor authentication to access financial and other secure accounts. 

• Call Forwarding and Simultaneous Ring: This method involves forwarding a victim’s calls to the attacker’s number, again potentially circumventing multi-factor authentication. 

• Phishing: Phishing emails mimic legitimate institutions to solicit sensitive information, such as login credentials and personal identification numbers. 

Protection Recommendations: 

• Personal Security Measures: 

• Avoid responding to unsolicited requests for personal information. 

• Set unique passwords for voicemail and mobile accounts. 

• Contact your mobile carrier to block unauthorized SIM changes and call forwarding. 

• Regularly check your account activity for any unauthorized changes. 

• Use complex passwords and avoid posting personal data online. 

• Corporate Security Measures: 

• Pay attention to email banners for messages coming from external sources. 

• Use non-email based multi-factor authentication. 

• Report any phishing and social engineering attempts. 

Reporting and Additional Actions:

If you believe you are a victim of a social engineering attack: 

• Contact your service providers to secure your accounts. 

• Report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov for further investigation. 

• Reach out to [INSERT SECURITY INBOX] if you suspect any of these social engineering techniques are being used at work. 

This alert underscores the need for heightened vigilance and proactive measures to safeguard against sophisticated social engineering tactics that are increasingly prevalent in today’s digital landscape. We thank you for helping keep [COMPANY] secure.