1Q) Perform a search on the Web for articles and stories about social engineering attacks or reverse social engineering attacks. Find an attack that was successful and describe how it could have been prevented.
need a response 250 words.
2Q) Social Engineering is a term used to manipulate or attack people to gather confidential information through non-technical means. Reverse Social Engineering is a special form of Social Engineering here the attackers initially use social engineering to make the victims believe that they are from genuine source or organization , so the victims themselves approach and provide more information to attackers unknowingly.
The article discusses about the Social engineering attack made on Ubiquiti Networks. Ubiquiti Networks is a San Jose based networking company.
It fell prey to an Email fraud and had lost around $39 million dollars. One of the staff members from its subsidiary company based out of Hong Kong became a victim to the Business email attack also referred to as CEO scam. The organization's finance wing was targeted by impersonating and making fraudulent request to an employee from an external entity.
And this resulted in transfer of an amount of 46 million dollars from Hong Kong based subsidiary company to the external third party. Upon becoming aware of the attack, Ubiquiti Networks was able to recover 8 million dollars. Below are few of the measures that could have been taken to prevent it.
(a) The Company's website domain have to be established and all the email accounts need to refer to the company's domain instead of other web based emails.
(b) The hierarchical information related to the company should never be posted on the Company's website or any other job posting forums.
(c) Additional security features need to be established for financial departments and email communications through personal or non-company based email should not be encouraged and restrictions need to be imposed on them.
(d) Digital signatures need to be established for transactions.
(e) Spam emails should never be opened and they have to be deleted immediately.