The purpose of this study is to explore social engineering tactics and why they are a viable attack vector. This study hopes to prove that social engineering is becoming a more prevalent danger in the corporate world. This is important because corporations must focus on security to protect consumer data. If there is an attack vector that is not being protected against, company data is in danger. This can lead to more cases of identity theft, credit card fraud, and stolen confidential information.
The study is trying to answer the research question: is social engineering becoming one of the greatest dangers corporations are facing today? The hypothesis is that social engineering is becoming one of the greatest …
A social engineering attack is hard to protect against because it exploits the “human factor” of the network. By manipulating end users, attackers obtain confidential information without the user even realizing it.
Variety of social engineering attacks.
One method of social engineering attack, and one of the most popular, is phishing. Phishing is sending emails that appear to be from a reputable source with the intent of gaining personal information. Phishing accounts for “77% of all socially-based attacks” (Social-Engineer.Org, 2014). Phishing has become easier to execute thanks to the rise of the cybercrime market. Some attackers will offer their phishing skills for hire while others will sell phishing kits they created. The average kit costs between $2 and $10, which makes the kits easily accessible, and they are easy to use as well (Symantec, 2016, 33). The most common phishing attacks mimic banking institutions. While reports state that phishing numbers are declining over time, that does not mean phishing is losing popularity. Phishing is evolving into a method coined “spear phishing”. (Symantec, 2016, …
In 2013, a record of a complex social engineering attack was published by Symantec. This record explains an attack on a French-based multinational company.
“In April 2013, the administrative assistant to a vice president at a French-based multinational company received an email referencing an invoice hosted on a popular file sharing service. A few minutes later, the same administrative assistant received a phone call from another vice president within the company, instructing her to examine and process the invoice. The vice president spoke with authority and used perfect French. However, the invoice was a fake and the vice president who called her was an attacker.” (Symantec, 2013)
The purpose of this attack was to install a remote access Trojan (RAT) onto the computer of the administrative assistant. This RAT was used to log keystrokes, view the desktop, and browse files. With this access, the attackers can obtain passwords and screenshots of emails, and remotely download sensitive information, without the assistant knowing what is going on. According to Symantec, this kind of attack is highly unusual, using both email and a phone call with perfect French. This complexity in an attack shows aggressive social engineering and how cybercrime and social engineering is