FBI: Get to know your IT guy – extortion crews are visiting law firms pretending to be tech support
Cybercriminals still allowed to walk into office blocks and convince staff to let them plug in their own thumb drives
This type of social engineering attack is an enduring vulnerability, exacerbated by the shift from remote work back to hybrid models, where physical access controls may be less stringent and human vigilance is often low.
This highlights a persistent and low-tech vulnerability in even seemingly secure environments, demonstrating that human factors remain a critical attack surface regardless of sophisticated cybersecurity investments.
It reinforces the need for continuous, practical security awareness training that extends beyond digital threats to include physical social engineering tactics, as these methods can bypass advanced technical safeguards.
- Cybersecurity awareness training providers
- Physical security solution vendors
- Law firms with robust internal security policies
- Law firms with lax physical security
- Staff unfamiliar with social engineering tactics
- Organizations relying solely on digital defenses
Increased awareness and potential investment in combined physical and digital cybersecurity training.
More stringent verification protocols for third-party IT support and service personnel visiting offices.
A potential shift in insurance policies to more explicitly cover social engineering losses due to physical infiltration.
Read at The Register