Social Engineering Report: Strategies, Attacks, and Defenses

Added on  2023/04/24

AI Summary
This report delves into the realm of social engineering within the context of information security. It begins by defining social engineering as a method of manipulating individuals to acquire confidential information, emphasizing its role as an attack vector that exploits human interaction. The report then explores the challenges of combating social engineering in large organizations, highlighting the significance of preliminary research on targets and the utilization of online platforms like LinkedIn for gathering information. Furthermore, it discusses the impersonation of key officials and the use of customer complaint emails as tactics. The report suggests implementing a 'data classification regime' to identify false positives in emails and protect against social engineering attacks. The report provides references to relevant academic papers and journals, including the use of social media platforms and the utilization of human vulnerabilities.
Running head: SOCIAL ENGINEERING
SOCIAL ENGINEERING
Name of the Student
Name of the University
Author Note
Response to Question 1:
In the context of information security, the act of extracting confidential information by
manipulating people psychologically is referred to as social engineering. It is a kind of
confidence trick in which information is gathered with a fraudulent motive. It is also termed an
attack vector, one that depends mainly on interaction with the human element in a business
setting (Krombholz et al., 2015, p. 113). It involves manipulation techniques used to
gain access to systems or networks by altering the security procedures. The person
involved in social engineering portrays himself/herself as a source of information and
utilizes human interaction and trust to extract privileged information about an
organization (Mann, 2017). It utilizes an employee’s nature to achieve the objective. For
instance, it is easier for a manipulator or hacker to exploit the weaknesses of a user
than a software vulnerability.
Response to Question 2:
It is becoming difficult to combat social engineering in large organizations. The first
step in the process of social engineering involves exhaustive research on the target individual
or organization, which helps the source to gain trust and understand vulnerabilities. In
today’s digital age, information about a large organization, such as the organizational
structure, number of employees, departmental divisions and nature of the work environment, is
easily available on the web. For instance, LinkedIn can help in connecting to the professional
networks of a specific target, and social media platforms are a key source of data for the act
(Ghafir et al., 2016, p. 145). Another reason can be the impersonation of a key official to
extract confidential data. Social engineering can also be disguised in the form of a customer
complaint email. Large organizations can protect their operations from social engineering
by implementing a ‘data classification regime’, in which the false positives of an email or
piece of information can be assessed (Ghafir et al., 2016, p. 145).
References:
Ghafir, I., Prenosil, V., Alhejailan, A., & Hammoudeh, M. (2016, August). Social
engineering attack strategies and defence approaches. In 2016 IEEE 4th International
Conference on Future Internet of Things and Cloud (FiCloud) (pp. 145-149). IEEE.
Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering
attacks. Journal of Information Security and Applications, 22, 113-122.
Mann, I. (2017). Hacking the human: social engineering techniques and security
countermeasures. Routledge.