ipl-logo

Social Engineering Case Study

1113 Words5 Pages

1. Background
Whenever an individual uses his skills to persuade another to give them particular information, to join them in a certain deal or endeavour or task, such is regarded as social engineering. Basically social engineering has existed for decades before Computer Systems existed, however it has evolved over the decades with the increase and evolvement of the internet and computer systems and has also proven to be more lethal than when it first begun due to the fact that it is used in this age mainly for criminal acts.

2. Description
Social Engineering defines a non-technical hacking method which involves human interaction with the goal of trying to trick or coerce an unknowing target into releasing information or violate normal security …show more content…

Individuals are targeted based on the information they have access to within an organization, some of the common targets include:

Target Type of Information Approach
3.1 Receptionists They are exposed to so much information with the company and they interact with people entering and leaving the premises. Establish a rapport.
3.2 Help Desk Personnel Infrastructure information. Flinging a fake support request.
3.3 System Administrators Infrastructure and Application Information as well as future development plans information.

4. Why Social Engineering works
Regardless of the Information available about Social Engineering, it continues to work because of the inevitable human tendency to trust:
We easily trust someone when we see them dressed in a certain way or hear them say the certain words.

5. Why Social Engineering is successful/Success Factors

5.1 Lack of Technological Solution:
Technology has little or no impact on lessening the effectiveness of social engineering.

5.2 Insufficient Security Policies:
Policies stating how information, resources, and other related items should be handled.

5.3 Difficult …show more content…

8.4 Lawsuits and Arbitrations: An attack can lead to lawsuits in a case where certain incriminating information is accessed and also in a case where the attacker uses the gathered information to perform incriminating acts using the victim’s profile.

8.5 Temporary or Permanent Closure – An attack can lead to the closure of an organization whether permanent or temporal.

8.6 Loss of Goodwill – An attack can lead one to looing their will to do good.

9 How an ethical hacker can take advantage of the information provided by Social Engineering
As an ethical hacker, information provided can be used as part of the penetration testing of the System, one of the major 2 uses of the information are:
• Creating awareness within the organization
It is much easier to fight an attack which you are aware of and prepare for ahead of time, so it is vital as an ethical hacker to create awareness among employees within an organization in order to increase the chances of safety.

• Put proper policies at hand, policies which will guide employees on how to react to this attack.

10 Countermeasures.

10.1 Human Interaction

Show More
Related
277 Words | 2 Pages

EET282 Unit 2 Review Assignment 1. Social Engineering relies on tricking and deceiving someone to access a system. 2. Google Phishing involves phishers setting up their own search engines to direct traffic to illegitimate sites. 3.

Read More
613 Words | 3 Pages

4.1 Theft In the event of physical thefts of company equipment or other network property we have to secure vulnerabilities in company property access and perimeter physical barrier that protects all company assets. To prevent intruders from accessing company grounds without authorization we have many choices in physical controls such as surveillance cable/laptop locks, cameras, security guard, alarm system, access control scanners at entry points, mantraps. As a preventative measure from property break-ins, all lower level (easily accessed from outside) office windows must be protected by installing window bars and/or using fence that secures all company property limits. In addition, a mantrap interlocking door control would greatly increase security.

Read More
664 Words | 3 Pages

3. Dumpster divers Dumpster diver will dig for the information that has all of the information about payroll, position and title that puts business at risk Destroy or shred all of the information that is not needed to avoid the information to be misused by the attacker. Application and Network Attacks 4. Letting the Ex-employee log in to the system even after he leaves the company It will destroy and

Read More
572 Words | 3 Pages

The policy and procedure designed by Open Arms Urgent Care is to prevent undesired or reoccurrence behaviors from our employees that may hinder patient care or staff services. We need to protect our health care organization. Our company takes affirmative action toward employee misbehavior. The steps that follow the policy and procedure checklist are designed to take action, improve employee performance, and prevent future employee misconduct. STEP 1: WARNING

Read More
871 Words | 4 Pages

EIAr need to make sure that their employees are safe because they handle weapons which if a mistake was made then they could greatly injure themselves or someone else. Employees must be supplied with the correct equipment and safety precautions so it minimises the risk of something happening. 9) ICT and System operations are in-charge of making sure all the tills and IT systems are working. For EIAr their ICT and System operations need to make sure all their tills, CCTV cameras and computers are working so that the business can stay operating without needing to temporarily close due to a system not

Read More
956 Words | 4 Pages

Vanessa Best October 9, 2015 Legal, Safety, and Regulatory in the Workplace HCS/341 Regulations, Legal, and Safety within Human Resource Management Human Resource management, Legal, Regulations, and Safety "Common sense and compassion in the workplace has been replaced by litigation." In my opinion I think I would have to disagree because not all companies and organizations aren’t like that. But, at the same time the quote focuses on how people in companies feel there isn’t any form of compassion and common sense awareness applied to the work environment. Now, it’s all about what they and you can do to make sure the organization or the company doesn’t get sued or lose money from an employee mistake or human resource

Read More
144 Words | 1 Pages

This equips the staff with strategies to safely defuse anxious, hostile,

Read More
1178 Words | 5 Pages

Organisations can better prepare for and respond to cyber assaults by following the framework's rules and best practises, lowering the risk of damage to their essential assets and reputation. The NIST incident response framework is a complete framework comprised of five phases: preparation, detection and analysis, containment, eradication, and recovery. Each phase is intended to cover specific tasks and activities that organisations must carry out when responding to crises. The framework emphasises the necessity of planning, which includes designing incident response policies, processes, and plans as well as performing employee training and awareness programmes.

Read More
744 Words | 3 Pages

The information security function should be positioned through several valid choices. Issues and concerns are also related to each staffing of the information security function. Information professionals are able to gain additional education and credentials to earn recognition in the field. Not only this, but an organizations employment policies and practices can support the information security team as well.

Read More
457 Words | 2 Pages

It preys on the natural human tendency to trust. Social engineering can be a very effective and dangerous method for individuals to compromise both information and infrastructure. Social engineering is unlike any other threat to the security of a corporation. Social engineering bypasses the technologies put in to place to protect and detect malicious activity. It is a threat that will always exist, and one that cannot be contained by anti-virus software, thorough patching, firewalls and intrusion detection systems.

Read More
569 Words | 3 Pages

Introduction Within the 20th and 21st century, millions of people have become victims to countless acts of cyber-criminality. We’ve come to know and label such people engaged in cyber-attacks as Hackers. More specifically, there are three categories of hackers: Black Hat, Gray Hat, and White Hat. For clarification from Larisa April Long(2012), White Hat hackers are the ethical hackers, who have authorization to seek out the same vulnerabilities that Black Hats look for and either simply inform the owner of the system’s flaw or design the security to protect the system.

Read More
1958 Words | 8 Pages

Introduction The ASCE code of ethics is the constitution for civil engineers. Since this binding document was created in 1914, technology has vastly changed [2]. Humanity has created a technology so powerful, that it can mobilize movements, commence careers, and ruin reputations. Today this technology is known as social media. These internet platforms appear to be harmless with the ability to find friends and share memes only a click away, but the dangers begin when an individual overshares.

Read More
841 Words | 4 Pages

The rapid proliferation of information technology has led to a significant rise in the number of people who use the internet in one way or another. With the growth in the number of persons who have an internet connection; certain individuals have begun to exploit this resource through the unethical practice of Identity theft. As more and more individuals are posting their personal information online, cybercriminals are stealing this information with the aim of assuming the victim's identity so as to either obtain financial advantage or benefits that are associated with the victim (Jewkes, 2013). The act of stealing other people's identity cannot be considered as ethical because it violates the victim's right to privacy.

Read More
1721 Words | 7 Pages

Abstract The evidence offered in this paper clearly highlights the Psychological manipulation which is a type of social influence that aims to change the perception or behavior of others through underhanded, deceptive, or even abusive techniques. This advances the interests of the manipulator, generally at the victim's expense, in methods that may be considered abusive, devious, deceptive, and exploitative. The main focus of this study is to understand how people are manipulated and the different kind of tactics that are used to manipulate them.

Read More
2111 Words | 9 Pages

An example of social proof being used ethically on the online collaborative platform would be if

Read More

More about Social Engineering Case Study

Related Topics

Open Document