Evaluating the Impact of Cybertheft Through Social Engineering and Network Intrusions

Nabie Y. Conteh, Anjelica B. Jackson
DOI: 10.4018/978-1-7998-6504-9.ch004

Abstract

This chapter takes an in-depth look into the research literature to analyze and evaluate the role that social engineering plays in network intrusion and cybertheft. It also discusses preventive measures and solutions to the threats and vulnerabilities that present themselves in the process of social engineering attacks. Social engineering is a means of stealing private data through tactics that make the victim feel comfortable giving up their data. This kind of attack can cost individuals and organizations millions of dollars and block their access to data. The articles present multiple statistics that prove that the risk of social engineering attacks on individuals or organizations has increased tremendously. This new wave of communication has given hackers many opportunities to threaten security by tracking your email, phone, social networks, etc. Information detailing how users can be more aware of ways to protect their private information from attackers will also be presented.
Chapter Preview

Topic Analysis

In this paper, social engineering is defined along with the types of social engineering attacks. In addition, this research will identify why cybertheft continues to advance at an alarming rate. Furthermore, psychological variables that contribute to vulnerabilities will be discussed. Finally, studies will be presented that identify key considerations regarding social engineering, testing and training, and point to how users can be coached to prevent attacks, which offers a promising methodology to reduce risk to systems and users.

Research indicates that “social engineering is a non-technical hack that uses trickery, persuasion, impersonation, emotional manipulation, and abuse of trust to gain information or computer system access through the human interface” (Thompson, 2006, p. 222). Impersonation tactics are successful when the hacker can communicate using the lingo and policies of the victim company. Manipulation tactics are performed by hackers who pretend to have lost company information, to be unable to get in touch with a source, or to be unaware of common information that should not be forgotten. Hackers who are not using manipulation will contact the victim and simply ask for the information they are hoping to steal, which is known as a direct request approach (Thompson, 2006).

Types of Social Engineering Attacks

Below are some of the known social engineering attacks:

  • Phishing: Phishing scams attempt to obtain personal information such as names, addresses and other personally identifiable information (PII) such as social security numbers. Phishing scams may embed links that redirect users to suspicious websites that appear legitimate. These types of scams create a sense of urgency to manipulate users into acting against their good judgment.

  • Pretexting: This type of social engineering attack is driven by a fabricated scenario that attempts to confirm and steal personal information from a target. Advanced attacks attempt to exploit a weakness of an organization or company. This method requires the attacker to build a credible story that leaves the target little room for doubt. The strategy is to use fear and urgency while building a sense of trust with a victim to confirm or obtain the sought information.

  • Baiting: Baiting is similar to a phishing attack, but lures a victim through enticement strategies. Hackers use the lure of promised goods if a user surrenders log-in credentials to a specific site. Baiting schemes are not limited to digital online schemes and can also be launched through the use of physical media.

  • Quid pro quo: Similar to baiting, but this type of threat is presented as a technical service in exchange for information. A common threat is for an attacker to impersonate an information technology representative and offer assistance to a victim who may be experiencing technical challenges. The attacker aims to launch malware on a user’s system.

  • Tailgating: This type of attack uses tailgating and piggybacking to gain access to restricted areas. It targets those who are able to grant or gain access to a restricted area; the attacker may impersonate delivery personnel or others who may require temporary access.
