You are working remotely one day and receive a call from a blocked number. You answer, and the person on the other end of identifies herself as an agency service desk employee. She explains that due to some server issues at the information data center, she needs to immediately migrate your directory account to another server and update some settings on your work computer. To do so she will need you to disconnect from the virtual private network (VPN) and provide her with your IP address so she can control your computer remotely and update your computer. Someone has obtained a listing of agency end-users email addresses. This person creates a fake email that emulates a real credit monitoring service email being sent to the agency users due to the recent personal breach. The email is exact in almost every detail, except the clickable URL’s contained in the email will bring the user to web site that will immediately download a malware virus that will infect the end-users computer and possible network. …show more content…
It preys on the natural human tendency to trust. Social engineering can be a very effective and dangerous method for individuals to compromise both information and infrastructure. Social engineering is unlike any other threat to the security of a corporation. Social engineering bypasses the technologies put in to place to protect and detect malicious activity. It is a threat that will always exist, and one that cannot be contained by anti-virus software, thorough patching, firewalls and intrusion detection systems. There are two types of social engineering: Human-based this where the use is deceived suing human interaction; Computer-based, this is used by deceived via computer or electronic device, usually through webpage or email. Social engineering preys on people, their tendencies, and