Social Engineering Case Study

1113 Words5 Pages
1. Background
Whenever an individual uses his skills to persuade another to give them particular information, to join them in a certain deal or endeavour or task, such is regarded as social engineering. Basically social engineering has existed for decades before Computer Systems existed, however it has evolved over the decades with the increase and evolvement of the internet and computer systems and has also proven to be more lethal than when it first begun due to the fact that it is used in this age mainly for criminal acts.

2. Description
Social Engineering defines a non-technical hacking method which involves human interaction with the goal of trying to trick or coerce an unknowing target into releasing information or violate normal security
…show more content…
Individuals are targeted based on the information they have access to within an organization, some of the common targets include:

Target Type of Information Approach
3.1 Receptionists They are exposed to so much information with the company and they interact with people entering and leaving the premises. Establish a rapport.
3.2 Help Desk Personnel Infrastructure information. Flinging a fake support request.
3.3 System Administrators Infrastructure and Application Information as well as future development plans information.

4. Why Social Engineering works
Regardless of the Information available about Social Engineering, it continues to work because of the inevitable human tendency to trust:
We easily trust someone when we see them dressed in a certain way or hear them say the certain words.

5. Why Social Engineering is successful/Success Factors

5.1 Lack of Technological Solution:
Technology has little or no impact on lessening the effectiveness of social engineering.

5.2 Insufficient Security Policies:
Policies stating how information, resources, and other related items should be handled.

5.3 Difficult
…show more content…
8.4 Lawsuits and Arbitrations: An attack can lead to lawsuits in a case where certain incriminating information is accessed and also in a case where the attacker uses the gathered information to perform incriminating acts using the victim’s profile.

8.5 Temporary or Permanent Closure – An attack can lead to the closure of an organization whether permanent or temporal.

8.6 Loss of Goodwill – An attack can lead one to looing their will to do good.

9 How an ethical hacker can take advantage of the information provided by Social Engineering
As an ethical hacker, information provided can be used as part of the penetration testing of the System, one of the major 2 uses of the information are:
• Creating awareness within the organization
It is much easier to fight an attack which you are aware of and prepare for ahead of time, so it is vital as an ethical hacker to create awareness among employees within an organization in order to increase the chances of safety.

• Put proper policies at hand, policies which will guide employees on how to react to this attack.

10 Countermeasures.

10.1 Human Interaction

More about Social Engineering Case Study

Open Document