The Pros And Cons Of Social Engineering

A Social engineering attack is a technique used by the hacker to trick people so they give up confidential information. The most important information the criminals are seeking are peoples’ passwords, bank information, social security number and much more. Reading through the website http://www.social-engineer.org/, I can tell that no one is safe from social engineering attack. One example that makes me think that way is the case of Maario Coleman and Angela Russell. These two guys were able to collect students’ information on the graduation ceremonies and create target lists. The pair then used online databases to find matching social security numbers and birthdates before applying for loans in the students’ names. Social engineering attack

The data breaches at Target, Home Depot are reminders to CIOs of how deadly social engineering can be. CIO’s and CSO’s realize the dangers of security problems on a massive scale. These are some deliberate security breaches that happen when an employee shares a password or loses a mobile device. An employee might access a website at work that loads malware onto his PC, which then spreads throughout the corporate network. In other cases, security breaches occur when a disgruntled employee leaves the company and takes with him valuable intellectual property that belongs to the company.

B. Hackers may use a tactic called social engineering to enter your computer, in other

Social engineering is the ability of manipulating people to give up confidential information. The most common Social Engineering attack is targeted to trick the victim into giving away their passwords or bank information or having someone access your computer to secretly install a malware – which can access your passwords, bank information and other sensitive information stored in that computer.

It is recommended that we conduct a test that would simulate that breach. The test results should be anonymous as the goal of the test is to improve the company's security posture in a way that improves the entire company's security. After the test is complete, the results should be used to assist in designing training for employees on understanding and dealing with potential social engineering attacks. After developing the training, new policies and procedures should be disseminated, then the training can include understanding and reviewing the new policies and procedures. After the training is completed another test should be done to measure engagement and effectiveness of the social engineering training. This information should be used to improve training. The goal of the training would be to empower employees with situational awareness skills that would assist them in identifying potential social engineering attempts and how to respond

Over the last few years the amount of security breaches that have been reported have had one factor that has been prevalent in majority of the attacks. That factor is the employee’s and how they are manipulated into giving the intruder/hacker exactly what they needed without realizing it. The use of social engineering in data breaches and fraud has been steadily increasing over the years. Confidentiality, integrity, and availability the three components of the CIA triad in network security can all be compromised by the risk of social engineering.

According to Mitnick, social engineering in information security simply means the psychological manipulation of people so as to divulge confidential information. It involves some kind of confidence trick with the aim of gathering information, committing fraud or getting access to the system . This is very different for the traditional conning but is one of the processes that the social engineering process that is more complex.

Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April). Why phishing works. InProceedings of the SIGCHI conference on Human Factors in computing systems (pp. 581-590). ACM.

Another threat is Social engineering, this is a technique used by criminals to trick someone into revealing confidential information, an example of social engineering is phishing this is tricking someone into sending their detail to the criminal, one way this is done is the victim gets an email from the criminal pretending to be their bank saying, “you must enter your bank details” so the victim does and sends them to the criminal and then the criminal has the personal bank details. Another example is example is of social engineering when you visit some web pages there can be a pop up saying you have won something like a holiday or a phone, and when you click collect prize it will ask you to enter your details such as your email and address

I agree with Dr. Thomas Plante on social engineering which is an effective way of changing people's behavior (Plante, 2012). I believe social engineering could be a useful tool to achieve public good. For example, banning public smoking has resulted in better cleaner air for all and reducing high risk to lung cancer and many other chronic diseases. We can not control each individual to avoid smoking. However, by making laws that restricted smokers in the use of public space, we can improve overall social conditions.

Moreover, many organizations within the public and private sector heavily relies on technology to carry out their day to day operations. Those cyber technologies help make many difficult or tedious tasks easier to do and technology can also carry out many of those tasks more effectively and efficiently than humans can. However, cyber technologies are at risk of espionage, cyber attacks, or other crimes such as theft and fraud (Ammori & Poellet, 2010).

The ultimate question that’s asked is why social engineer do what they do. Many do it because they either what social or financial gain, some of them also look to become well known in the industry. After reading a few pages from the book “The Art of Deception” many social engineers are either hired by a company to test the employee’s ability to just trust anyone with their information. Some social engineer intrude on the company’s infrastructure to see if they can find any flaws within the company. If a very important flaw is found they then present it to the company’s a business venture or to get hired on as the personal to repair the flaws and heighten the company’s infrastructure so that the breach and any other breaches don’t take place. The venture is like a supply and demand scenarios.

The criminals that are involved in social engineering are pursuing information by tricking you into giving out your passwords or bank data. They also access your computer to corruptly install malicious software that will give them access to your personal information. Common social engineering attacks are emails from a friend, baiting situations like offering new music, phishing attempts like test messages, and etc. Many ways to elude these type of attacks like investigating the matter, delete any invitation for financial information, or reject requests for help or proposals of

Identity theft is one of the growing crimes in the United States due to the fact people do not know how to properly protect themselves against it. Criminals use different methods to acquire the information necessary to steal someone’s identity. Some of the techniques used to commit identity theft are; stealing wallets, acquiring bank information or pilfering through trash to find documents containing PII (FBI, n.d.). Nowadays criminals are able to steal people’s identity using different procedures over the internet without having to compromise their identity. Some of the methods are social engineering, phishing, sending spam messages and malware (OLI, 2013). Criminals use these methods because with the use of technology, identity theft could be accomplished anonymously and without much effort. Also because people lower their guard about securing their personally identifiable information when using the internet, especially when using social networks, they become easy targets to

Phishing is a serious problem in the progressively limitless service of the internet. There are many ways to trick the people to disclose the information by using social engineering attack. It can take form of spam email, fake