Social Engineering

Social engineering remains a pervasive threat, as its many techniques have matured, and cyber criminals will almost certainly continue to use them to target industries indiscriminately. The intelligence capabilities of these actors have improved in recent years, providing them with more credible "social engineering bait," and they have extended their scope to money laundering networks, posing both challenges and opportunities to combat this type of fraud. 
    
Spoofing domains is just one example of social engeneering, and has been observed in the many cybercrime attempts, and is likely to remain as one of the primary techniques used by cyber actors. Whether at home or abroad, many cyber actors disguise their identity and conceal their activities by using a combination of rented or compromised infrastructure in domestic and foreign jurisdictions.
    
Increasingly sophisticated obfuscation techniques are also enabling actors to secretly obtain victims' data. Botnets used by cyber criminals are an important part of of their strategy for social engineering and operation of social networks.
    
Measured by the number of stolen or deleted corporate data, compromised personal data, and recovery costs incurred by US victims, this number has increased dramatically over the past decade. There are more than 1.5 million victims in the United States, most of them children. Defense contractors cleared to rejoin the military and other government agencies have previously been victims of PII thefts.
    
Social engineering can be used in so many ways, and is usually a means to an end whereby the attacker, or attackers, engage in some sort of deceptive behavior which is used to gather information about a target, which is then used to further an attack on a target. Social engineering is generally part of the reconnaissance process, but can also be a tool used to persuade, or manipulate, a subject to act in a manner which yields an outcome preferred by the attacker, or the one doing the social engineering. It is really a form of enticement.
    
Social engineering is also a phenomenon, although not all crime policies offer this, and some offer a multitude of boundaries. In most cases, supplementing cyber or crime-related policies with social engineering eliminates overlap. Triggers of social engineering are more common than other types of cyber crime such as theft, fraud, or theft of property.
    
Covering and expanding social engineering is the best way to manage these kinds of losses. When you add endorsements, you should ensure that your endorsements have enough leeway not to exclude every single potential avenue for social engineering.