Provide replies to the below posts, each in 125 words.
I’m studying for my Computer Science class and need an explanation.
Main question: Perform a search on the Web for articles and stories about social engineering attacks or reverse social engineering attacks. Find an attack that was successful and describe how it could have been prevented.
No need to provide an answer to the main question. Read the below posts and reply accordingly.
pru - Social engineering is a psychological attack which manipulates information and tries to gain access to users' personal mailboxes. As technologies grow, organizations are facing huge malicious attacks which need to be monitored and controlled at the initial levels to avoid sensitive data losses for the business. Social engineering is a term broadly used in cyber-criminal activities where attackers are involved and try to breach users' sensitive data to perform unethical incidents.
Social engineering is often considered a bold attack where attackers completely manipulate human minds to gain access to highly confidential data and cause data breaches or losses. Human beings are the weakest component of security due to insufficient knowledge, and they give loopholes to attackers to perform unethical business activities. Organizations have been facing many technical issues in recent years, but controlling the various issues has become a critical challenge for organizations.
Following are some common social engineering attacks:
· Email hacking
In most cases, attackers target the mailboxes, which contain all of the user's information and key details, and try to gain confidential data to perform breaches.
Prevention of social engineering attacks:
In social engineering attacks, consider the various sources and never respond to an unidentical source, which can cause critical damage for businesses and individuals. Social engineers often count their targets and work on malicious incidents to minimise the risk factors raised from social engineering attacks.
· Install effective antivirus and security suites
· Install email software
· Follow all the security trends and recent security updates
· Don’t respond to the spam mails and messages from sensitive websites
sai - Social engineering attacks are one of the huge threats for companies, regardless of the size of the company. According to the US Federal Bureau of Investigation (FBI), the global exposed losses have exceeded $12.5 billion. The statistics prove how important it is for organizations to focus on cyber security and social engineering. Ubiquiti Networks Inc, the San Jose based manufacturer of high-performance networking technology for service providers and enterprises, lost $39.1 million in 2015 through an email business fraud incident. The attack was called a “CEO scam” / “Business Email Compromise (BEC)” attack. In this type of attack, the fraudulent party usually hijacks or impersonates the email of a top-ranked staff member within the company. In this case, the impersonating criminal requested money from its subsidiary company, which is incorporated in Hong Kong, and the money was transferred to an account that the criminals had access to. The hackers cheated both Ubiquiti and its subsidiary company with well-planned social engineering (Egan, 2018).
· The company could have prevented such a huge threat and loss by taking some precautions.
· The first one is to avoid free web-based emails and, instead, create a company website domain and use it to create email accounts.
· The company should be careful when publishing sensitive information on social media, its website and other public domains.
· Information like job duties and responsibilities, and hierarchical information, needs to be hidden from the public.
· Take immediate action on any suspicious activity and implement additional financial security and a two-factor verification process (Honan, 2015).
Use secondary communication channels like telephone verification to ensure the request is real. In addition, use digital signatures by both entities, if the system allows doing so. Moreover, delete spam, and forward messages instead of using the “reply” option to make sure the email is going to the right person from the “saved address book”. All the above-mentioned recommendations will help the company prevent such social engineering threats (Honan, 2015).
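The address-book and free-webmail precautions in the post above can be expressed as a mail-screening check. This is an added example, not part of any of the posts; the address book, domain list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed data (assumptions): a saved address book of known senders
# and a short list of free web-based mail domains.
ADDRESS_BOOK = {"pat lee": "pat.lee@corp.example"}
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com"}

# Constructed sample messages.
SPOOFED = (
    "From: Pat Lee <pat.lee@corp-example.test>\n"
    "Reply-To: pat.lee.ceo@gmail.com\n"
    "To: finance@sub.example\n"
    "Subject: Urgent wire transfer\n\n"
    "Please wire the funds today.\n"
)
GENUINE = (
    "From: Pat Lee <pat.lee@corp.example>\n"
    "To: finance@sub.example\n"
    "Subject: Quarterly numbers\n\n"
    "See attached.\n"
)

def bec_flags(raw_message: str) -> list[str]:
    """Return the reasons a payment request should be verified out of band."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    flags = []
    # The display name matches a known person but the address is not the saved one.
    known = ADDRESS_BOOK.get(name.strip().lower())
    if known and from_addr != known:
        flags.append("display-name-not-in-address-book")
    # Pressing "reply" would send the answer somewhere other than the sender.
    if reply_addr and reply_addr != from_addr:
        flags.append("reply-to-differs-from-sender")
    # Either address sits on a free web-based mail service.
    if any(a.rpartition("@")[2] in FREE_WEBMAIL for a in (from_addr, reply_addr) if a):
        flags.append("free-webmail-address")
    return flags

if __name__ == "__main__":
    print(bec_flags(SPOOFED))
    print(bec_flags(GENUINE))
```

A message sent from a hijacked genuine account passes all three checks, which is where the telephone verification step in the post applies.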
jayathi - Social engineering attacks have increased these days, with the booming technology. Social engineering attacks are intended to steal a company’s or individual’s personal or confidential information. In recent years, many companies have been the victims of such attacks, including one of the biggest retailers, ‘Target’. In the year 2013, the attackers were successful enough to obtain the credit/debit card information of 40 million customers, and personal details like email, name and number of about 70 million customers. The attack was made on Target’s Point of Sale system, where the malware accesses the RAM of the POS and obtains the data.
The attackers accessed the POS of Target through an HVAC company. Target shared their network with the HVAC company Fazio Mechanical Services, as they installed their machines in Target. Attackers went through the Fazio services to access Target’s POS system. This can be considered one of the biggest mistakes by a major retailer like Target, who shared their network with an outside company and let their systems be accessed so easily by an outsider. This situation would have been avoided if Fazio services did not have access to Target’s network. This could have saved Target from such a major breach of information. However, the company took immediate action to avoid this in future and learned a big lesson. Due to such a huge mistake, Target lost customers’ trust and had to re-build the customer relationship to gain their trust back.
kush - On September 22, 2016, Yahoo! Inc. shocked the world when they announced a data breach and theft of information from over 500 million user accounts, which is the largest data breach ever (Trautman, Ormerod, 2017). Data of all categories was stolen, including birthdays, telephone numbers, email addresses, passwords, and some security questions. Though the information was announced publicly in 2016, the incident actually happened in 2013, compromising data of around a million users. The data breach was valued at around $3B, the largest ever in history, affecting over a billion customers. A social engineering attack like this is inevitable on the internet, but the fact is that how the situation is handled makes the difference. There was no direct impact on the users, as they weren’t asked for money, and the users weren’t aware of the situation until the announcement. Which means no direct impact has happened yet. The scariest part is that the outcome can be catastrophic and can happen at any time, which is unpredictable.
We all know what data has been compromised, but no one is really aware of what level of impact will really happen to its users. Being in the internet business for over two decades, Yahoo would have been aware of the necessary measures to possibly avoid the data theft. There are a lot more measures that could be undertaken to avoid such incidents, primarily starting with involving cybersecurity specialists to create awareness across the organization. “Engage actively in damage control and address customer data vulnerability.” (Janakiraman, Rishika, 2018, p. 102, para. 4). Ensure customers are aware of separating business and personal accounts. When the staff/employees are aware of how to encrypt data and of data management, they can avoid external malware. Also, create awareness that external websites other than the sites limited to the daily duties should not be accessed. Every act should involve a sense of urgency. Customers should be informed about password protection and identity threat, and should periodically track and monitor personal data.