Social Engineering Examples in Action: 3 Real-World Case Studies
It’s easy to think that you’d never fall for a social engineering attack… until you see just how convincing these confidence scams can be. In fact, even some of the biggest companies in the world can fall victim to these malicious attacks.
The vast majority of people who were targeted in these scams aren’t stupid, unwary, or even incautious. They were victims of circumstance, with very practiced social engineers driving them to act through human emotional response.
In this chapter, we’ll walk through real-world examples of social engineering attacks so you can see the scam for what it is.
1 | Facebook & Google Lose $120 Million
In arguably the most high-profile single social engineering attack to date, a Lithuanian man named Evaldas Rimasauskas perpetrated a spear-phishing attack against two of the largest tech companies in the world.
Rimasauskas created a dummy version of a legitimate computer manufacturing firm that both Facebook and Google trusted. Through this fake company, Rimasauskas and his crew set up several bank accounts in the company’s name. They then spent two years sending each company duplicate invoices for goods and services the manufacturing firm had actually provided, but with the fraudulent bank account attached.
Between 2013 and 2015, Rimasauskas managed to steal over $100 million from each company before the fraud was finally detected.
2 | UK Voice Deepfake
An executive at a UK energy company received a phone call from what he believed to be his boss, the CEO of the firm’s German parent company. He was asked to transfer over £200,000 to an unknown supplier.
The individual on the phone sounded like his boss, so the man did what he was asked to do. Only later did he learn that the voice was a simulation created using AI voice technology, and he’d inadvertently helped a scammer steal nearly a quarter-million pounds from his company.
AI voice attacks, or vishing attacks, are becoming more commonplace as the technology develops. The FBI warns both consumers and merchants to be extremely cautious of any phone call asking for funds transfers or account requests of any kind.
3 | Microsoft 365 Scam
In 2021, security researchers discovered a particularly tricky business email compromise scam that used Microsoft 365 as a vehicle. The scam revolves around a fraudster sending out emails with the subject line “price revision.”
The email is blank, save for an attachment that looks like an Excel spreadsheet (XLSX) file. The file is actually an HTML file that leads the victim to a website containing malicious code or false login areas that record the user’s credentials.
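A mail filter can catch the mismatch described above by comparing what an attachment claims to be with what its bytes actually are. The following is an added example, not code from the researchers or from Microsoft; it assumes the lure's filename contains ".xlsx", and the sample messages and addresses are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"  # a genuine .xlsx is a ZIP container
HTML_MARKERS = (b"<!doctype html", b"<html", b"<script", b"<form")


def looks_like_html(data: bytes) -> bool:
    """Sniff the first 2 KiB of the attachment for HTML markup."""
    head = data[:2048].lower()
    return any(marker in head for marker in HTML_MARKERS)


def check_message(raw: bytes) -> list:
    """Return findings for spreadsheet-named attachments that are not spreadsheets."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if ".xlsx" not in name:  # assumption: the lure name contains ".xlsx"
            continue
        data = part.get_payload(decode=True) or b""
        if not data.startswith(ZIP_MAGIC):
            findings.append(f"{name}: named as XLSX but not a ZIP container")
        if looks_like_html(data) or part.get_content_type() == "text/html":
            findings.append(f"{name}: content is HTML")
    body = msg.get_body(preferencelist=("plain", "html"))
    if findings and (body is None or not body.get_content().strip()):
        findings.append("message body is blank")
    return findings


def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message: blank body plus one attachment."""
    m = EmailMessage()
    m["Subject"] = "price revision"
    m["From"] = "sender@example.invalid"
    m["To"] = "recipient@example.invalid"
    m.set_content("\n")  # blank body
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    lure = build_sample("prices.xlsx", b"<html><body>constructed</body></html>")
    real = build_sample("prices.xlsx", ZIP_MAGIC + b"\x00" * 26)
    print(check_message(lure))
    print(check_message(real))
```

The check relies on the attachment's leading bytes rather than the sender-declared content type, since the sender controls both the filename and the MIME header.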