Social engineering is increasingly used by attackers by manipulating individuals to provide their key confidential information. For this given discussion, I would like to reflect on an instance where I almost provided my banking information, to an attacker who was seeking to gain access to my finances. On this given day, I received a message on my phone claiming that the bank required my key details as it was experiencing the delays with its systems. The message further provided a number, which I was to call when contacting the bank customer case. I first ignored the message. After some few minutes, I got the same message insisting that I should contact the bank as the case was becoming out of hand and required immediate verification and validation of my bank details. I decided to make the call by dialing the number, which was provided by the message. Upon calling, the receiver explained that the bank was receiving system failure and as a result some accounts had been automatically merged. The receiver hence required me to provide my banking details. I gave him my account number but before I could retrieve the password, I developed a feeling that something was wrong so I decided to hang up. Later on that day, I decided to visit the bank and confirm the incidence only to realize that I was about to provide access to my bank account to unauthorized person.
There are different ways of preventing the occurrence of the social engineering. One of the ways could include deleting any request for personal information or passwords. Nobody should be contacting individuals for their personal information via email or short messages unsolicited. Another way of mitigating such a scenario could include rejecting requests for help or offers of help. Social engineers can and will either request help with information or offer to help i.e posing as tech support (Gupta, Singhal & Kapoor, 2016). If individuals did not request any assistance from the sender, they should consider any requests or offers a scam. In this context conducting a comprehensive research on the issue could have provided substantial knowledge on avoiding the social engineering strategy.
In a similar situation it is important to set spam filters to high. Emails usually have a spam filter, which is usually available on the settings and could be activated to mitigate social engineering. It if further important for users to secure their devices by Installing, maintaining and updating regularly their anti-virus software, firewalls, and email filters (Moon, Im, Kim, & Park, 2017). Integration of a VPN could be incorporated to ensure security of user devices. Additionally, users need to be always be mindful of risks by double check, triple check any request they get for the correct information. Looking out for cyber security news to take swift actions if they are affected by a recent breach.
Gupta, S., Singhal, A., & Kapoor, A. (2016, April). A literature survey on social engineering attacks: Phishing attack. In 2016 international conference on computing, communication and automation (ICCCA) (pp. 537-540). IEEE.
Moon, D., Im, H., Kim, I., & Park, J. H. (2017). DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks. The Journal of supercomputing, 73(7), 2881-2895.
Concept Of Social Engineering
The art of social engineering is the process in which the people and their minds are manipulated so that the confidential information is not leaked. The amount of information that is carried away by the attackers may vary from one attacker to attacker. In situations, when all the attackers are on target, they try their best to misguide others, thereby leaking confidential information to gain accessibility to others where people secretly put up malicious software. They can also have access to the passwords and other credential information, to have an accessibility to your computer. The criminal implements the technique of social engineering as it becomes relatively easier to have an exploitation of the natural resources (Teodorescu, 2015).
The Toyota corporation, who is an extensive supplier of auto parts, has been the victim of social engineering, wherein the attack took place in 2019. The lost in money accounted to 37 million USD. The attackers were able to persuade the executives in finance department in order to make a change in the account information of the recipients through a transfer. The details available are limited. In this situation, the employee was highly convinced of the fact that the transfer of funds is highly legitimate and authorised, and this how the transaction gets completed. There are chances to track how this leaking occurred. The methods employed by the attackers was alarming and disturbing, and the incorporation of technology through fake exposures such as mimicking the voice of the customers and transferring the credentials of the individuals. A fake calling during which the senior management will authorise the transfer orally can be a possibility of bringing a technological change. This eventually will change the process within the organization against the organization itself. The hackers will only circulate the invoices and documentation (Wright, 2014).
Teodorescu, H. (2015). Using Analytics and Social Media for Monitoring and Mitigation of Social Disasters. Procedia Engineering, 107, 325-334. doi: 10.1016/j.proeng.2015.06.088
Wright, O. (2014). Social Engineering. Engineering & Technology Reference. doi: 10.1049/etr.2014.0013
1) Each response should be 150-180 words.It should be also be cited according to APA format and atleast have 2 references not old more than 5 years.
2) It will be sunmitted it into safe asssign so the match percentage should be less than 15%.It means absolutely no plagiarism.
3) Some points mentioned by my professor regarding APA format
a)Citations: First off you can not just use any website. It needs to be of academic quality not just some random website. Also when you cite a website you do not just copy the hyper link and paste it in. There is more to it than that. There are lots of cites to help you with this. One example is https://www.citationmachine.net/apa/cite-a-website
b) APA Format: Many of you are not even trying to do APA format. You guys are missing a lot of the elements. Here is a link that will help you with a sample paper: https://owl.purdue.edu/owl/research_and_citation/apa_style/apa_formatting_and_style_guide/apa_sample_paper.html
c) Plagiarism: Some of you are getting a really high percentage on this. If the school feels you are plagiarizing you can get in a lot of academic trouble. I saw one person theirs was 80%
d) Typos: It is your responsibility to make sure that spelling and punctuation are correct. Some of you are not using comments and/or having some serious spelling errors. Once you post an assignment you need to verify that Blackboard did not mess it up and if did you may have to go back and MANUALLY fix it.