? true story from Group IB. Social Engineering.

The main component of phishing is that this method of attack allows us to bypass the most advanced defense systems, influencing people and their emotions so that they perform actions necessary for the attacker.
Today, we will get acquainted with the story from Group IB, about Social Engineering, greed and sudden help:

• When a customer asks to conduct a "social meeting" in the awareness format (the reaction to a letter from users is checked, and not means of protection), we know in advance that the average efficiency of such impacts (the number of users caught to the number of users who received letters) will be 20-25%. We also know that at least the same part of those who received it will not follow the links or launch the executable file, not because of alertness, but because of laziness.

• If you send another letter, the efficiency will increase significantly, if you call with a reminder of the need for a reaction, it will increase significantly. But about once a year we see a story when the effectiveness of mailing scales and confidently breaks 100%. How does this happen? Very simple. Then the recipient decides to share it with friends from other departments of the company, then the big boss will transfer it to a division controlled by him.

• The last time this happened was quite recently. A document was sent to the customer's employees with offers of discounts for the purchase of gadgets in a large retail chain. Closed affiliate sale, low prices, limited quantity — this always works.

• The user who opened the document was asked to select the positions for which he would like to find out the current prices, click on the button (in the document!) in order to allegedly get up-to-date data from the server of the trading network. When the button was clicked, the load was performed, and the user was shown a message about the temporary unavailability of the server due to a large number of requests.

• In the first hour it was quiet: not a single trigger. Then we received an email from an address that was not originally in the mailing list. The employee introduced himself as a specialist of the customer's PR department, said that one of the employees had sent him a letter, complained that the partner mailings were not coordinated with PR, said that the text of the letter contained errors and was poorly designed, and the list of recipients was generally strange and tiny. We were also informed that the text corrected by the PR people with our attachment was beautifully designed and sent to the whole company and in five minutes, the load worked for 2/3 of the company's employees. Thank you very much!