Introduction to Ethical Hacking
Temple University

Week 8 Takeaways

Published October 10, 2015 | By Jeta Gjana

Reading Summary: Social Engineering

Social Engineering has become a powerful hacker technique that most organizations still ignore, if not, underestimate its true impact. This technique takes into advantage the weakest link of the security chain in the organization (i.e.: people/employees). However, there are various counter-measures techniques used to reduce the likelihood of a successful social engineering attack. In most cases of a successful attack data is compromised and computer systems are violated.  The cycle consists of four phases: information gathering, developing relationship, exploitation, and execution. It is also important to note the human behavior of a social engineering attack. Most individuals are motivated either by revenge, financial gain, self-interest, etc. to perform such an attack in the first place. Some of the techniques they use include shoulder surfing, checking any trash cane/ recycle bins, email/mail-outs, forensic analysis, website, phishing, etc. Lastly, the counter-measures include different ways to reduce the attack in the first place, such as security policy, physical security, education and security awareness program, etc.

Question for the class:
Have you been a target from a social engineering threat? If so, how were you notified and what were the corrective steps taken to prevent a similar future attack?

In the news: Iran Threat Group Uses Fake LinkedIn Network to Target Victims

Dell SecureWorks found that potential victims were targeted thru social engineering by an extensive network of fake LinkedIn profiles.  Threat Group 2889 consists of 25 fake LinkedIn accounts that pertain to 204 legitimate LinkedIn users in Middle East, North Africa and South Asia, and are likely targets of TG-2889. In addition, they are divided into two groups: fully developed personas (leader accounts) and supporting personas. Once Dell SecureWorks informed LinkedIn of the fake profiles, LinkedIn took them down immediately.

For additional information regarding this article, please click here.

Posted in

Leave a Reply

Your email address will not be published. Required fields are marked *