Phishing revealed as number one organization attack


BSI raises awareness of the top seven social engineering techniques used by attackers

Cyberattacks have risen dramatically during the COVID-19 pandemic. At one point during the height of the crisis, the FBI’s Cyber Division reported that complaints about cyberattacks had risen by 400% to as many as 4,000 per day. This mirrors an anecdotal poll¹ BSI recently held, in which phishing was cited as the most frequent organization hack by 59 percent of respondents, followed by malware at 44 percent, web hack at 21 percent, credit card hack at 18 percent and wireless compromise at 12 percent.

BSI’s cybersecurity and information resilience team continues to focus on educating organizations and individuals across industry sectors to raise awareness and mitigate the risks of social engineering techniques.

Social engineering techniques are becoming increasingly sophisticated and are used to trick individuals into divulging confidential information or taking an action that may not be in their or their organization’s best interest. Understanding and being aware of the social engineering techniques attackers use is vital for everyone. Here are the seven most common techniques currently being utilized:

  1. Phishing - this is the most prolific form of social engineering and is becoming increasingly sophisticated. It is a fraudulent attempt in which the attacker endeavors to steal personal or sensitive information by purporting to be a well-known or trusted contact of the victim, such as a colleague, bank, utility company or government department.
  2. Spear phishing - this is where an attacker targets a specific individual of value within a business sector, company or department and researches the target extensively to maximize their chances of success. Research can include obtaining specific knowledge about the individual and their organization from social media profiles or other publicly available information.
  3. Whaling attack - this is seen as a ‘big fish capture’, with the email designed to masquerade as a ‘critical’ business email containing highly confidential information. It is sent to upper management, claiming to be from a legitimate authority. This sophisticated phishing attack is used to steal confidential information, personal data, access credentials and specific high-value economic or commercial information.
  4. Smishing (SMS phishing) - potentially the most financially damaging attack type, this popular technique is carried out on mobile phones: a scammer sends a text message purporting to be from a reputable company that encourages the victim to pay money out or click on suspicious links.
  5. Voice phishing (vishing) - scammers use this phone-based social engineering technique to gain access to personal and financial information by pretending to be a co-worker, bank official, person of authority or trusted individual. Typically asking the victim to confirm identity information, this technique is used to steal credit card information and is linked to identity theft.
  6. Business Email Compromise (BEC) / Email Account Compromise (EAC) - attackers identify and research a target organization, send spear phishing emails or make calls to a victim, and convince them to perform a seemingly legitimate business transaction.
  7. Baiting (or physical baiting) - this is a wide-scale attack using online adverts, websites or even memory sticks left in visible places. The adverts can include offers that are too good to be true or urgent warnings. Once the victim clicks through or opens the memory stick, a pop-up appears that tricks the user into giving personal information or presents a link that can result in a malware download.

Adam Hall, Senior Consultant Cyber, Risk and Advisory at BSI explains: “Social engineering has dramatically increased over the last few months and continues to rise day by day. We’ve focused on raising awareness and educating on how to identify various threats to help improve the security postures of employees across all industry sectors as well as the wider community.”

Always think before you click: if it sounds too good to be true, it probably is. Be aware of current phishing campaigns and of the tone of an email, and be particularly wary when it requests usernames and passwords or uses impersonal phrases. Always check that the sender’s address and the URL link match the company; hover the mouse over the link to see which website it really points to. If you have any doubt about the legitimacy of an email or of any of the scenarios highlighted above, do not give out any information or open the email. Contact the individual directly by phone (using the advertised company phone number) to check for authenticity, and report it to your IT department or the relevant authority.
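The two checks in that advice, that the sender’s address matches the company and that a link’s visible text matches where it really points, as an added Python example (not BSI’s code). The message and the domain acme-bank.example are constructed for the example; the domain matching is deliberately crude and uses no public-suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):  # crude: 'mail.acme.example' -> 'acme.example'
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def phishing_indicators(raw_email, expected_domain):
    """Return a list of findings; an empty list means neither check fired."""
    msg = message_from_string(raw_email)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].partition("@")[2]
    if registered_domain(sender_domain) != expected_domain:
        findings.append(f"sender domain {sender_domain!r} is not {expected_domain!r}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    parser = _LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        target = registered_domain(urlparse(href).hostname or "")
        # Visible text that itself looks like a URL or domain is the 'hover over the link' check.
        shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        if shown and registered_domain(shown.group(1)) != target:
            findings.append(f"link shows {shown.group(1)!r} but goes to {target!r}")
        elif target != expected_domain:
            findings.append(f"link to {target!r} is outside {expected_domain!r}")
    return findings

SAMPLE = """From: "Acme Bank" <alerts@acme-bank-secure.example>
Content-Type: text/html; charset=utf-8

<p>Verify now: <a href="http://login.acme-bank-secure.example/x">https://acme-bank.example</a></p>
"""  # constructed sample message, not from a real campaign
```

Running `phishing_indicators(SAMPLE, "acme-bank.example")` flags both the lookalike sender domain and the link whose displayed address differs from its destination; a message from the expected domain whose links stay on that domain returns an empty list.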

Additional details on social engineering techniques and advice on identifying suspicious emails can be found here.

The Consulting Services team at BSI provides an expansive range of solutions to help organizations address challenges in cybersecurity, information management and privacy, security awareness and compliance. For more information visit

Posted by IRL Staff
