Social-engineering scams get more sophisticated
The number of cyber incidents involving a fake story or other pretext to lure in victims has more than doubled in the last year, according to a report from Verizon this week.
Why it matters: Pretexting typically involves scammers sending emails, texts or social media messages that purport to be from a family member, boss or client — making it much easier for victims to fall for and harder for company IT teams to detect.
By the numbers: Pretexting was involved in 4.1% of the 16,312 security incidents between November 2021 and October 2022 that Verizon studied for its report.
- That's nearly double the 2.4% share that involved pretext in last year's analysis.
The big picture: Three-fourths of all breaches started with humans, according to Verizon's 2023 report.
- That included incidents where people fell for socially engineered messages or phishing emails, misused their network access, or continued to use leaked passwords.
The intrigue: Pretext-based attacks were responsible for some of the biggest security headlines in the last year.
- A breach at Uber in September started when an employee sent their login credentials to someone claiming to be in the company's IT department.
- And an attack on Twilio involved a similar scheme in which hackers pretended to be the company's IT team and texted employees that their passwords had expired.
Yes, but: Attacks involving pretext still make up a small sliver of all cyber incidents.
What's next: The generative AI boom is handing scammers the tools to customize pretext-based attacks with voice-message impersonations, faked images and other forgeries.
Sign up for Axios’ cybersecurity newsletter Codebook here