Perform a search on the Web for articles and stories about social engineering attacks or reverse social engineering attacks. Find an attack that was successful and describe how it could have been prevented.
- Students are required to post one original response to the discussion questions each week, as well as a response to one classmate. Original responses should not be a word for word rehashing of what is stated in the readings, but rather an integration of the concepts and additional insights, either from real world experience or additional sources. It should be a 250 word response . Your secondary posting is a response to two classmate’s post. Each answer/response should be supported with research. Responses to classmates should not be “I agree” or “I like the way you stated that.” These responses should again be insightful, offering an opinion or facts based on your research and experiences. The response to one classmate should be a minimum of 150 words. See APA criteria for citing resources. You must provide a minimum of a reference, in APA format, in your original response.
1st reply to this topic of 150 words
Attacks in Online Social Networks
Social Engineering Attack: Informal organizations are a portion of the biggest and quickest developing online administrations today. Facebook, for instance, has been positioned as the second most went by webpage on the Internet, and has been revealing development rates as high as 3% every week. One of the key highlights of informal organizations is the help they accommodate finding new companions. For instance, social arrange locales may attempt to naturally recognize which clients know each other with a specific end goal to propose companionship proposals (Winkler, 2018).
Reverse Social Engineering: Online social designing assaults are anything but difficult to spread, hard to follow back to the aggressor, and for the most part includes a minimal effort for every focused-on client. They are surely understood dangers in which the assailant goes for impacting the casualties and influencing them to perform activities for her benefit. The assailant is regularly intrigued in deceiving the casualties into uncovering touchy or vital data. Cases of these assaults incorporate conventional email lies and phishing or their further developed focused on shapes, for example, stick phishing (Winkler, 2018).
A general issue on informal organizations is that it is troublesome for clients to judge if a companion asks for is reliable or not. In this manner, clients are frequently brisk in tolerating solicitations from individuals they don’t have a clue. For instance, an examination led by Sophos in 2007 demonstrated that 41% of Facebook clients recognized a companion ask for from an irregular individual. More alerts clients can be deceived by demands from foes that mimic companions. Lamentably, once an association is set up, the aggressor regularly has full access to all data on the casualty’s profile. Besides, clients who get messages from asserted companions are substantially more prone to follow up on such message, for instance, by tapping on joins. A comparative outcome was accounted for by Jagatjit. The creators found that phishing endeavors will probably succeed if the aggressor utilizes stolen data from casualties’ companions in informal communities to create their phishing messages (Jakobsson, & Finn, & Johnson, 2008).
To have the capacity to make recommendations and to advance companionships, informal communication destinations regularly mine the information that has been gathered about the enlisted clients. For case, the way that a client investigates an email deliver may be expected to show that the client knows the individual who claims that email account. Sadly, such suspicions can likewise be mishandled by assailants to impact proposals, or then again to build the possibility that the casualty’s advantage is fascinated by a phony nectar account. We trust that this discussion will bring issues to light about this present reality risk of turn around social building in informal communities and will energize interpersonal organization suppliers to embrace a few countermeasures.
2nd reply of 150 words to this topic
Social engineering attacks:
“Social engineering” is an “assault” vector that “depends “enthusiastically on human cooperation and normally includes misleading persons in contravention of conventional safety methods. There are two types of “social engineering attacks” such as human based and computer-based “social engineering attacks.” In this answer, I will discuss the computer-based attack and how to prevent these types of attack. Computer-based attacks also have different kinds such as Phishing, online scams, Baiting. We focused on the Phishing; Phishing includes fake emails message, and sites anticipated to imitate real frameworks with the goal of catching sensitive information or data. A message might create since a store, and other certainly unstated organization among the requirement to “check” your “login” information. It will normally be ridiculed up the login page by all the correct logos to seem real (Heli Tiirmaa-Klaar, 2013).
Prevention of the computer-based attacks never gives classified information or, so distant as that worried, yet non-secret data with accreditations via means of electronic mail, talk envoy, cellular phone or face to face to vague or distrustful resources. On the off chance that you obtain an electronic mail by a “connection” to a vague site “AVOID” the intuition to clack it directly in spite of the opportunity that it emerges to have propelled by one of your associates or associates. Examine the “URL” to verify whether it seems doubtful. Regularly the electronic mail might emerge to have contacts base from a single of your associates or associates however on the occasion that you verify “email address” you will perceive which is not real. Install antivirus, email filters, firewall on the computer and keep software’s update. Place your computer “operating system” to mechanically update (Fisk, 2016).
Social engineering attacks are the non-technical attacks performed by hackers. Usually, hackers find it challenging to attack the technical computer systems as there are layers of security mechanisms that need to be bypassed to gain access to the information. So, hackers can call users and convince that they are authorized to retrieve certain information. Hackers can also send emails which resemble the original and common emails that users usually receive. Thus, users are confident that they are accessing original emails by not even verifying the authenticity of those emails. Reverse social engineering attack is a type of attack where an attacker initially convinces a user or a group of users to believe that the attacker’s contact information is legitimate, the attacker creates a situation for the users to contact unknowingly. As the users already believe that the attackers are legitimate, they don’t question the behavior of attackers even though they were asked about personal or confidential information.
Social engineering attack in Ubiquiti Networks Inc.
The attackers in the case of Ubiquiti networks has manipulated by claiming that they are a higher authority, gained access to the information about financial department who was authorized to transfer money to the accounts they have mentioned. Ubiquiti was a victim of losing 39.1 million dollars. Later on, Ubiquiti has contacted law enforcement agencies and covered some part of the money that they have lost. Also, with further investigation, they have confirmed that there was no technical security breach or loss of confidential information. However, the financial department human resources are the targeted victims to face a social engineering attack.
Security measures to prevent social engineering and reverse social engineering attacks:
• Before providing any information, users or employees of a company should verify the authenticity of the person they are communicating with.
• Proper training and awareness should be provided to the employees about the importance of authentication, authorization and the consequences faced by the company and the individual when hacked.
• Two-factor authentications are helpful to authenticate the users or the systems.
• Continuously monitoring the content of the emails or letters that are received to notice if there are any unusual behavior and reporting to the proper security department in the cases if there are some malicious attacks or unusual behavior