News / Blog
« Return to News

Password Weaknesses Are Exploited By Social Engineering

Password weaknesses can be exploited. Today, users are susceptible to social engineering because they access more web-based systems. With the increased adoption of cloud computing, users are logging into more internet-based systems. How can your company reduce risk to social engineering? The FFIEC states, “Controls against these attacks [social engineering] involve strong identification policies and employee training.”

The Federal Financial Institution Examination Council (FFIEC), which is a governing body that provides guidance to banking agencies, states, “All authentication methodologies display weaknesses. Those weaknesses are of both a technical and a nontechnical nature. Many of the weaknesses are common to all mechanisms. Examples of common weaknesses include warehouse attacks, social engineering, client attacks, replay attacks, man-in-the-middle attacks, and hijacking.” (FFIEC Information Security Booklet)

With the rise of adoption of cloud computing, users are increasingly more susceptible to social engineering due to the increase in web-based applications that they log into. How to can your company reduce risk to social engineering? The FFIEC states, “Controls against these attacks [social engineering] involve strong identification policies and employee training.” PhishingBox allows you to test employees susceptibility to social engineering. This testing also acts as training as it helps employees understand some of the various attack scenarios used by social engineers.

Posted by PhishingBox on 02/19/2012
Read More Phishing Facts | Take a Free Phishing Test
View our Security Awareness Training for Employees





Protect Your Employees!

Try our Phishing Simulation Software

Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.


 

Receive
Phishing Alerts

Learn about recent security breaches that involve phishing and receive security tips and tricks to protect your business.

* indicates required