4 Statistics That Prove The Dangers Of Social Engineering
In its latest Internet Crime Report, the U.S. Federal Bureau of Investigation (FBI) logged nearly 850,000 cyber crime complaints worldwide in 2021. These complaints reported a total loss of USD$6.9 billion (AUD$9.2 billion) to hackers and other cyber criminals. This figure marked the most significant increase in economic losses in five years. (1)
As if such numbers aren’t terrifying enough, the same report also indicated that most complaints involved trickery, plain and simple. Through clever design and messaging, perpetrators rely on their victims making security mistakes to get what they want. The cyber security business has an encompassing term for such activities: “social engineering.”
Don’t let its fancy lingo lull you into a false sense of security. Social engineering has proven to be shockingly effective, and the following facts and stats from various network security services and experts prove it.
Users become more vulnerable as they age
Of the total complaints filed to the FBI in 2021, over 92,000 were from users aged 60 and above (note that not everyone disclosed their age). The economic losses they experienced totalled about USD$1.68 billion (AUD$2.24 billion), more than any other age group. (1)
What makes older adults more vulnerable to social engineering machinations? Experts believe these people have several risk factors playing against them, including:
- Having a sizeable retirement fund
- Being unable to monitor their credit as often as younger generations
- Tending to give their trust more quickly, even to strangers online
- Being less likely to report being scammed, out of shame (2)
Experts also say that senior citizens might not keep up with the latest technology as much as the youth. Given the fast pace at which hardware and software evolve, cyber security services often educate people on the dos and don’ts of interacting with suspicious media.
Two out of five attacks involve phishing
Phishing accounted for nearly 40% of all cyber security complaints to the FBI in 2021, making it the most prevalent socially-engineered attack. The number of phishing victims alone trumps that of any other form of cyber crime, such as identity theft, confidence fraud, data breaches, and business email compromise (BEC). (1)
According to Dr. Akashdeep Bhardwaj, an IT security expert at India’s University of Petroleum and Energy Studies, the key to phishing’s prevailing success lies in its “simple, straightforward, masquerading methodology.” Phishing emails and sites pretend to be as legit as the emails and sites they’re copying, luring users to enter their personal information. As such, some IT security services struggle with discerning between the real deal and the fraud. (3)
Recent innovations have also allowed perpetrators to improve their phishing skills, creating more personalised media for the upper echelons of a business or organisation. The computer security service industry refers to such attacks as “whaling,” an apt name for perpetrators attempting to reel in a big catch.
Victims lose AUD$3.2 billion to BEC attacks
Despite comprising only a tiny fraction of the complaints, BEC attacks yield the highest losses of any form of cyber crime. The roughly 20,000 complaints filed in 2021 registered total losses of around USD$2.4 billion (AUD$3.2 billion). By comparison, the 324,000 complaints on phishing yielded losses of only USD$44 million (AUD$59 million). (1)
The high payout of BEC attacks, sometimes known as CEO fraud, stems from their nature. A perpetrator can gain access to the email account of a high-ranking individual in a business or organisation, tricking employees, customers, and investors into giving up their hard-earned money. Without cyber security solutions to prevent unauthorised access, BEC attacks make easy money.
BEC attacks have duped even major brands out of their capital. One high-profile case involved Facebook and Google losing USD$123 million (AUD$164 million) to a fraudster who masqueraded as an electronics manufacturer. (4)
Nearly every attack is socially engineered
It’s easy to think of the typical cyber criminal as a tech-savvy individual who employs state-of-the-art hardware and software to orchestrate an attack. But contrary to popular belief, many enterprise security services and experts say only 2% of recorded incidents involve technical exploits.
The remaining 98% involve some form of social engineering, meaning cyber criminals depend mainly on their victims committing mistakes. The lack of awareness among employees can put companies in a precarious financial position. (5)
Sun Tzu explains that “all warfare is based on deception,” and cyber war is no exception. Playing tricks on unsuspecting users is fair game in social engineering, and awareness is the best form of protection. By knowing that such threats exist, people can take the necessary measures to thwart them, such as using programs like an Optus internet security suite.
1. “Federal Bureau of Investigation Internet Crime Report 2021”, Source: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
2. “3 Cyber Fraud Tactics Targeting Seniors And Why They’re So Effective”, Source: https://cybersecurityventures.com/3-cyber-fraud-tactics-targeting-seniors-and-why-theyre-so-effective/
3. “Why is phishing still successful?”, Source: https://pmclegacy.ncbi.nlm.nih.gov/pmc/articles/PMC7508510/#
4. “Google and Facebook scammed out of $123 million by man posing as hardware vendor”, Source: https://www.tripwire.com/state-of-security/featured/google-and-facebook-scammed-out-of-123-million-by-man-posing-as-hardware-vendor/
5. “2021 Cyber Security Statistics The Ultimate List Of Stats, Data & Trends”, Source: https://purplesec.us/resources/cyber-security-statistics/