Farhan_Mohd_IST_110_Lab_Social_Engineering_rev6

.docx

School

Greenville Technical College *

*We aren’t endorsed by this school

Course

110

Subject

Industrial Engineering

Date

Feb 20, 2024

Type

docx

Pages

5

Uploaded by DoctorStrawSparrow4

GTC IST-110 Lab: Understanding Social Engineering Attacks Objectives Research and identify social engineering attacks Background / Scenario Social engineering is an attack with the goal of getting a victim to enter personal or sensitive information, this type of attack can be performed by an attacker utilizing a keylogger, phishing email, or an in-person method. This lab requires the research of social engineering and the identification of ways to recognize and prevent it. Required Resources PC or mobile device with Internet access Part 1: Read the following article. Open and Review the corresponding PDF file from SANS for this lab and read it thoroughly to answer the following questions (a copy of the PDF is included in your Blackboard assignment page) SANS Institute - Information Security Reading Room “Methods for Understanding and Reducing Social Engineering Attacks” by Michael Alexander https://www.sans.org/reading-room/whitepapers/critical/methods-understanding-reducing-social- engineering-attacks-36972 Part 2: Answer the following questions. 1. Per the document provided, what are the three main methods (in order) used by social engineers to gain access to sensitive information? Give the method type then a summary in your own words (1-2 sentences minimally each) of each method 1 st method Section 4.1 Trust-based attack – creating a feeling of trust or obligation in the victim using familiarity, authority or urgency. 2 nd method Section 4.2 Impersonation-based attack – assuming someone else’s identity to gain information, such as technical support or banking representative. 3 rd method Section 4.3 Media-based attack – utilizing email, phone, or other forms of communication to spread malware or phishing scams. GTC - CPT Dept Page 1 of 5 IST 110 Lab
GTC IST-110 Lab: Understanding Social Engineering Attacks 2. What are five real-world examples of social engineering attacks from the first method type (Section 4.1)? Include the method, the type, and then a real-world example (2-3 sentences minimally each) 1 Method: Trust-based attack. Type: Confidence schemes use friendly conversation to gain trust and sensitive information over the phone. 2 Method: Trust-based attack. Type: Giveaways lure victims with prizes and coupons that require personal details. 3 Method: Trust-based attack. Type: Scarcity uses a false emergency with urgent need of sensitive details to send funds quickly. 4 Method: Trust-based attack. Type: Debt collection scams intimidate victims into revealing their banking or credit card info to settle fake debts. 5 Method: Trust-based attack. Type: Technical support fraudsters convince victims to install remote access tools and pay unnecessary service fees on nonexistent threats. 3. What are five real-world examples of social engineering attacks from the second method type (Section 4.2)? Include the method, the type, and then a real-world example (2-3 sentences minimally each) 1 Method: Impersonation-based attack. Type: Corporate executives scams use impersonated executive identity to convince victims to wire funds internationally right away. 2 Method: Impersonation-based attack. Type: Social media scams create fake profiles to build relationships and request sensitive details at a later point. 3 Method: Impersonation-based attack. Type: Shoulder surfing watches the victim enter sensitive data, like ATM pins, from a nearby viewpoint. 4 Method: Impersonation-based attack. Type: Phishing scams spoof emails or websites of legitimate businesses to harvest credentials with disguised GTC - CPT Dept Page 2 of 5 IST 110 Lab
GTC IST-110 Lab: Understanding Social Engineering Attacks intent. 5 Method: Impersonation-based attack. Type: Authorized vendor tricks victims by posing as technology service providers in urgent need of remote access for support purposes. 4. Why is social networking a social engineering threat? (3-4 sentences minimally) Social networking sites provide a wealth of personal details that help social engineers build profiles of potential targets. Bad actors use this available information to impersonate others and design customized ruses for specific victims based on hobbies, relationships, work and location info publicly posted. 5. What is OCEAN and how does it apply to Social Engineering and Cybersecurity? (be descriptive; include each word from the acronym; 5 sentences minimally) OCEAN stands for Openness, Conscientiousness, Extroversion, Agreeableness, and Neuroticism. Certain personality types are more vulnerable to social engineering based on these factors. Open individuals share freely online and are more trusting. Those low in conscientiousness may ignore security protocols. Extroverts interact socially, increasing exposure. Agreeable types want to help and are compliant. Highly neurotic individuals anxious in uncertain situations tend toward impulsive risk-taking behaviors. Understanding OCEAN helps security awareness training better educate staff. 6. How can an organization defend itself from social engineering attacks? (be descriptive; 4-5 sentences minimally) GTC - CPT Dept Page 3 of 5 IST 110 Lab
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help