Social engineering is not about hacking computers; it’s about hacking people. It’s a manipulative tactic that exploits human psychology, trust, and digital conditioning to trick individuals into divulging confidential information, granting unauthorized access, or performing actions that compromise security.
This year, Red Canary has consistently observed two social engineering campaigns that adversaries use to gain access to a corporate environment:
• Email bombing: a technique that involves flooding a victim’s inbox with spam email followed by a phone scam to trick the victim into providing remote access to their computer.
• Paste and run (aka ClickFix, fakeCAPTCHA): a technique used to fool users into running malicious code by taking advantage of users’ digital conditioning to get past CAPTCHA-style messages or “fix” requests.
We’ve created a free handout for educating your users about what to look for and how to stay ahead of these emerging social engineering trends.