Module 3 Discussion Board 2 Week 5 Initial Post Due 6/9
For this module discussion, you are to post an initial response to the topic below of 350-500 words and 1 reply to another student adding new value to the discussion (125-175 words). Initial posts are to be substantive based on reading and research. Posts are to be unique for each student – not a repeat or paraphrase of what has already been stated. The initial post is due by end of day the Sunday following the chat session.. Reply posts to other students are due the following Sunday. Each module is approximately 2 weeks. 2 posts total during each 2-week period for this discussion.
Social engineering is a challenge for companies to control when confidential information is shared. What are 3 types of social engineering and describe 2 examples of how this can occur? What can companies do to prevent this from happening?
Reply to Samuel – 150 words
Samuel
Jun 10 8:29pm
Manage Discussion by Samuel
Reply from Samuel
Criminals rely a lot on these techniques called Social Engineering also named “Human Hacking” in where they manipulate people to access, share or send information that they shouldn’t to obtain private personal data or extract it from an organization. From stealing personal data to use a credit card to use an employee personal data to create a dangerous virus within a company are some of the techniques these cyber -criminals use. They use victims’ emotions to persuade them to act against their own.
A widely known social engineering technique used is Phishing, where criminals produce links, webpages or messages to make it look like they are of legit precedence. They also try to manipulate the victim to share information to a supposedly trusted entity.
With the social media boom, Angler Phishing has got the attention of cybersecurities organizations and is one of the most common cyber-attacks that harm peoples identities. Angler Phishing is when criminals pretendent to be working for a company as a customer service representative using social media platforms and making the victim share their personal data, often through a phone call.
An example of this would be a customer complaining on Twitter about a delivery of a specific product from a store. The scammer would pretend to be a customer representative working for that store and offer apologies. Once it has engaged with the customer, it would create a fake reward link and obtain personal information.
Another very famous and dangerous social engineering form used by criminals is the “Water Hole Atack” called like that referring to the wild, when a predator waits for their prey near a watering hole. In these cybersecurity assaults, criminals lure people to access a webpage they would normally use to persuade them to access a malicious link to infect the software with ransomware.
For instance, if a group of cybercriminals determine that a company employee is using a news webpage on a daily basis, they would attempt to infect that webpage with damaged code, hoping the target would access it.
These types of attacks are very difficult to prevent due to the nature of the problem. The criminals intend to affect the human mind instead of machines’ actions. What companies can do to prevent these attacks is to create awareness in it employees, possibly through training to help them understand the possible damage in which they can incur. Cybersecurity technologies always are very popular to help mitigate a possible attack, like double authentication to access private data and spam filters to help catch malicious link before it reach the victim.
