In APA format, and you have to reply to those discussions with references, along with 250 words, and it should also be in APA format.
Rizwan Ali Khan – Monday, March 18, 2019, 2:26 PM
Social engineering is nothing but a way of influencing people so that they give up confidential information. The unknown person tries to trick an individual into giving them passwords or bank information, or access to the individual’s computer so that they can install malicious software to get access to the passwords and bank information, and control of the computer will also be taken by them. Security is mainly about who and what to trust. Unless the person is known to the individual and the individual feels that the person can be trusted, the passwords or any other information should not be shared with him.
Phishing is considered one of the major and new forms of social engineering, which involves creating and utilizing emails and other 3rd party sites which look like reliable and legitimate ones, and which mainly target sectors like business, financial institutions and government agencies, to give false information to internet users, asking for their personal information. Phishing scams generally operate substitute websites that can attract consumers into disclosing their personal and financial data, which includes PHI information like social security number, bank account information, credit card information and sometimes details about other online accounts and passwords. Ignoring the social engineering technique which requires companies to implement more security awareness compliance programs. Many companies do conduct some security awareness programs like mandatory security training programs in order to create awareness among employees that if they are working safely and responsibly, however, it is wonderful how some companies take that same path with the information security. Sometimes they fail to remind the employees about the ways data theft is conducted. Social engineering is considered an unrated risk which is rarely addressed in employee training programs or corporate security policies.
Keeping up a key separation from Social Engineering Attacks Because social illustrating strikes can evade even extensive variety of social building ambushes. Different private affiliations can’t go to the lengths that the U.S. understanding social event can to screen potential hopefuls, in any case, they can set up a lot of killing action.
Shravan Vobbilisetty – Monday, March 18, 2019, 8:43 PM
Social engineering is the art of manipulating people so that they give out their personal information, and it is accomplished through human interactions. It uses psychological manipulation to get people to give away important and sensitive information. Commonly these involve email or other forms of communication that create urgency in accomplishing the said work, or fear, leading to giving them the sensitive and confidential information.
Social Engineering attacks come in various forms and these can be listed as Phishing, Baiting, Pretext, Scareware.
Criminals use social engineering tactics because it is usually easier for them to exploit our instinct of trust rather than hacking our software for our passwords, unless the password strength is poor. As the technical director of Symantec said, only 3% of the malware they run tries to exploit our software and the rest, 97%, is trying to trick through some form of social engineering scheme.
Phishing: The most popular social engineering attacks come from phishing or spear phishing. These are either emails, texts or phone calls that cause a sense of urgency, fear or curiosity in victims. These are aimed at getting sensitive data such as passwords or bank accounts by imitating a trusted source and then creating a logical scenario for them to give their details. The most common examples of this type of attack are urgently asking for your help regarding your friend, notifying you that you’re a winner in a competition in which you haven’t even participated, presenting a general problem for you and asking you to click the link to provide your information, etc.
Baiting: This type of attack is usually found in p2p sites. These sites are usually used to download content. They bait you saying you can download the movie or some important software for free either infected with malware or taking them to surveys which will ask them to pay at the end and then start charging you every month without your permission.
Pretext: This type of attack is usually performed through a series of lies. The attacker starts by gaining your trust by impersonating a co-worker, police officer or some important authority that you cannot refuse to answer. They ask all the important questions, such as identity, to gather the victim’s personal data.
Scareware: This type of attack involves the victims being asked to install software to reduce the threat their computers are facing. Most people are deceived by these continuous bombardments of alarms and threats into installing software that is of no use or that is really malware infected. Scareware can also be spread through emails that give out bogus warnings or make offers for users to buy worthless/harmful services.
A successful attack:
A billion-dollar heist covering 30 countries and nearly a billion dollars in lost funds, nicknamed Carbanak by security firm Kaspersky, was reported on extensively in Feb 2015.
In the Carbanak scam, spear phishing emails were sent to employees that infected work stations, and from there the hackers tunneled deeper into the banks’ systems until they controlled employee stations that would allow them to make cash transfers, operate ATMs remotely, change account information, and make administrative changes.
It was a pretty standard scheme: an email with a link that looked like it was coming from a colleague contained the malicious code, which spread from there like a digital rhinovirus. They commandeered it for a series of transactions that included the ATM hits, but also a practice of artificially inflating bank balances and then siphoning off that amount, so a customer’s account balance might go from $1,000 to $10,000 and then $9,000 would go to the hacker.
This could have been avoided by setting up a strong firewall and installing and updating the security patches. By setting up VPNs they could have filtered suspicious email from getting into the employees’ email and blocked unknown webpages that a person may open unknowingly, which infected the machines and the workstations. And by training the employees and making them aware of these types of attacks, so that one may be aware before opening an email that is from an unknown source. By creating a rule for employees to change their passwords on a regular basis or making them use multi-factor authentication.