In 2007 a thief managed to steal 21 million euros in diamonds from a bank in Belgium using only social engineering. He created an account at the bank with a stolen passport, and gained the trust of the employees for a year by posing as a successful businessman. He frequently visited the bank and gradually gained the trust of the employees (with small details such as boxes of chocolates), until he became friends with the staff.

Since the workers thought the swindler was a special client and were friends with him, they gave him access to the vaults where the diamonds were kept, an opportunity that the thief did not miss.

It should be noted that the stolen area had been equipped with a security system costing more than 1 million euros.

In 2013 the Associeted Press Twitter account, an account notable for its high impact in the United States with over 1.9 million followers, and a tweet was posted stating that the White House had been bombed and President Obama was injured in the blast.

That tweet was only active for 3 minutes, however in that time the Wall Street stock market dropped 150 points, about 136 billion before it recovered near its previous level. This email could have had a devastating effect on the U.S. economy, and properly managed, could have netted the attackers a large amount of money through short-term trading in the stock market.

The attack was done by sending a spear phishing email targeting Associated Press employees, as if it came from other employees of the same company, although in reality the attack was sent from a group called the Syrian Electronic Army. Within the email the sign that it was a phishing email was the fact that the name of the email sender did not match the name that appeared in the email signature.

In 2013 a 17-year-old was fired from his job at Walmart after stealing money. Following this and taking advantage of the fact that he still had his company uniform, he went to 3 other Walmart locations and stole another $30,000.

He accomplished this by simply walking into the stores confidently, dressed in the Walmat uniform, and claiming that he was conducting an inventory of the stores before the general managers conducted a post-holiday inspection. Store employees believed his story and granted him access to the restricted areas he needed, on some occasions the store manager even gave him a hug of thanks, although that opinion changed when he realized what the young man had actually done.

In 2013 the software company Bit9 was hacked using the “watering hole attack” tactic, which involves infecting websites that the target is likely to visit, and waiting until their malware successfully infects a device from that company. For example, in this case the attacker could have infected a website such as Stack Overflow, which programmers frequently visit to ask or answer programming-related questions.

As a result of the Bit9 attack, the cybercriminals managed to steal the certificates used by Bit9 for code signing, allowing them to create malware that looked like legitimate Bit9-developed software, and attack organizations that use and trust Bit9-signed software.

In 2014 Sony pictures was preparing to release the movie “The Interview,” a comedy about two men training to assassinate the leader of North Korea. In response North Korea threatened terrorist attacks against movie theaters and allegedly hacked Sony Pictures’ computer networks (although North Korea denied involvement).

The cyberattack began with a phishing email posing as Apple to several Sony executives, asking them to verify their credentials. Using the LinkedIn profiles, the attackers determined their likely login credentials for the Sony network, and identified at least one executive who used the same password for both his Apple and Sony accounts. With those credentials the credentials managed to steal 100 terabytes of confidential company and employee information.

Major U.S. theater chains suspended showing the movie following threats made by cybercriminals against theaters showing the film, and Sony Pictures suspended the film’s release.

In 2016, during the presidential election, a variety of sites leaked more than 150,000 stolen emails from 12 Hillary Clinton campaign staffers.

This was achieved through a spear phishing email where Russian cybercriminals sent an email that appeared to be from Google, warning of unusual activity in their email accounts, and inviting the recipient to click on a link to change the password.

Once the attackers had the correct passwords, they had access to their targets’ email accounts, allowing them to download and leak thousands of emails containing information sensitive to the Clinton campaign.

Yes, it is compatible and it is also the most recommended, since this way you will be able to obtain a complete analysis of your company.

No, Sofistic always guarantees the confidentiality of the data and treats them with rigorous privacy policies, so only the client will have access to the data obtained in the audit.

After the social engineering audit, it is advisable to carry out customized training for the company based on the results obtained in order to raise employee awareness. Even so, these audits should be performed periodically to keep the company protected and prevent new vulnerabilities from emerging.