Honest insiders also are targeted by malicious outsiders through using social engineering. E-mail phishing (and spear-phishing to target high-value individuals) is one of the most common types of social engineering, but examples range from simple phone calls to carefully crafted Web sites hosting malicious content.
Modern-day fraudsters use every trick in the book when it comes to infiltrating a network. They are well prepared, well researched, and highly innovative. One of the most common tactics used to glean valuable information is social engineering, using techniques such as phishing or collecting data from social media.
Drive-by downloads are a common method used to spread malware. Cybercriminals look for insecure web sites and plant a malicious script into HTTP or PHP code on one of the web pages. This script may install malware directly onto the computer of someone who visits the site, or it may take the form of an IFRAME that re-directs the victim to a site controlled by the cybercriminals.
the rapid rise in smartphones and tablets has led to a work phenomenon commonly referred to as BYOD (Bring Your Own Device). Coupled with Cloud-based business services, this has been a real game changer. So blurred have the boundaries now become that the more cavalier Internet habits of relatives and friends of every staff member have the potential to set the consumer and business world on a collision course.