Objective
In this lab, you will research examples of social engineering and identify ways to recognize and prevent it.
Resources
• Computer with internet access
Use any internet browser to research incidents of social engineering. Summarize three examples found in
your research.
1. $100 Million Google and Facebook Spear Phishing Scam: This is considered the biggest social
engineering attack of all time. A Lithuanian national, Evaldas Rimasauskas, and his team set up a fake
company, pretending to be a computer manufacturer that worked with Google and Facebook. They sent
phishing emails to specific Google and Facebook employees, invoicing them for goods and services that
the manufacturer had genuinely provided, but directing them to deposit money into their fraudulent
accounts. Between 2013 and 2015, they cheated the two tech giants out of over $100 million.
3. Russian Hacking Group Targets Ukraine with Spear Phishing: In February 2022, Microsoft warned of
a new spear phishing campaign by a Russian hacking group targeting Ukrainian government agencies
and NGOs.
These examples illustrate the variety and sophistication of social engineering attacks, emphasizing the importance
of vigilance and robust security measures.
© 2017 - 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 2 www.netacad.com
She asked me if I had seen anything. I told her I hadn’t but convinced her to sit down and think about
what was in the bag. A phone. Make-up. A little cash. And her credit cards. Bingo!
I asked who she banked with and then told her that I worked for that bank. What a stroke of luck! I
reassured her that everything would be fine, but she would need to cancel her credit card right away. I
called the “help-desk” number, which was actually Alex, and handed my phone to her.
Alex was in a van in the parking garage. On the dashboard, a CD player was playing office noises. He
assured the mark that her card could easily be canceled but, to verify her identity, she needed to enter
her PIN on the keypad of the phone she was using. My phone and my keypad.
When we had her PIN, I left. If we were real thieves, we would have had access to her account via ATM
withdrawals and PIN purchases. Fortunately for her, it was just a TV show."
Remember: “Those who build walls think differently than those who seek to go over, under, around, or
through them.” Paul Wilson - The Real Hustle
Question:
Research ways to recognize social engineering. Describe three examples found in your research.
Sure, here are three ways to recognize social engineering, which are relevant everywhere, including Bhutan:
Unexpected Messages: Most social engineering attacks begin with the potential victim receiving an
unexpected request. If you receive a message that you weren’t expecting, especially if it’s asking for sensitive
information or actions, be cautious.
Unusual Requests: In many cases, social engineering attacks involve the attacker asking the potential victim
to do something they’ve never done before. If you’re asked to perform an unfamiliar action, especially one
that could potentially be harmful, it’s a red flag.
Sense of Urgency: One common characteristic of social engineering attacks is a sense of urgency attached
to the message. If an unsolicited correspondence is rushing you to take action, you should always be
suspicious.
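The three indicators above can be turned into a simple triage check that a defender might run over an inbox export before deciding which messages to report. This is an added example, not part of the lab or its source; the sample messages and the allow-list of expected sender domains are constructed for the illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample messages (not from any real incident) used to exercise the checks.
SAMPLE_MESSAGES = [
    {"sender": "it-helpdesk@example-corp.com",  # assumed internal domain
     "subject": "Scheduled maintenance window this weekend",
     "body": "Reminder: file servers will be offline Saturday 02:00-04:00. No action is required."},
    {"sender": "ceo.office@examp1e-corp.com",  # constructed look-alike domain
     "subject": "URGENT: wire transfer needed before 5pm",
     "body": "I need you to purchase gift cards and send me the codes immediately. Do not tell anyone."},
    {"sender": "billing@vendor.example",
     "subject": "Verify your account now or it will be suspended",
     "body": "Your password has expired. Reply with your username and password within 24 hours."},
]

# Assumed allow-list of domains this mailbox normally expects mail from.
KNOWN_DOMAINS = {"example-corp.com", "vendor.example"}

URGENCY = re.compile(r"\b(urgent|immediately|right away|within \d+ hours|before \d+\s?(am|pm)|now or)\b", re.I)
SENSITIVE = re.compile(r"\b(password|pin|username|credentials|wire transfer|gift cards?)\b", re.I)
UNUSUAL = re.compile(r"\b(do not tell anyone|reply with your|send me the codes)\b", re.I)


@dataclass
class Verdict:
    score: int
    reasons: list = field(default_factory=list)


def assess(msg):
    """Score one message against the three indicators: unexpected, unusual, urgent."""
    v = Verdict(0)
    domain = msg["sender"].rsplit("@", 1)[-1].lower()
    text = f"{msg['subject']} {msg['body']}"
    # Unexpected message: the sender domain is not one this mailbox expects
    if domain not in KNOWN_DOMAINS:
        v.score += 1
        v.reasons.append(f"unexpected sender domain {domain!r}")
    # Unusual request: asks for sensitive data or an out-of-process action
    if SENSITIVE.search(text) or UNUSUAL.search(text):
        v.score += 1
        v.reasons.append("requests sensitive data or an unusual action")
    # Sense of urgency: pressure to act before thinking
    if URGENCY.search(text):
        v.score += 1
        v.reasons.append("pressures the reader to act immediately")
    return v


def triage(messages, threshold=2):
    """Return the subjects of messages that trip at least `threshold` indicators."""
    return [m["subject"] for m in messages if assess(m).score >= threshold]
```

A score is a prompt to report and verify out of band, not proof of an attack; the maintenance notice scores 0, while the two pressure messages score 3 and 2.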
Does your company or school have procedures in place to help to prevent social engineering?
Type your answers here.
If so, what are some of those procedures?
While I don’t have a company or school, I can share some common procedures that organizations use to prevent
social engineering:
1. Security Awareness Training: This involves educating employees about the various tricks used by
cybercriminals. It can be the best defense against social engineering. For example, teaching your
workforce about the tell-tale signs of an attack can help prevent a cyber-threat from becoming a
cybersecurity incident.
2. Phishing Simulations: Phishing emails are a common way that malware infections occur. A popular
technique to train users to spot a phishing email is the use of phishing simulations. The simulation
sessions can be used remotely and are often tailored to the specific needs of your organization.
3. Prevent Pretexting: Pretexting is a type of social engineering in which the attacker often grooms a target
and then creates a sense of urgency to obtain sensitive data or encourage a transfer of money. To counter
pretexting, augment security awareness training with clear security policies that deal specifically with the
challenges of pretexting and grooming.
4. Email Gateways: Social engineers often use email to execute a scam; email gateways are used to filter
out spam emails. Email gateways have been shown, when correctly configured, to reduce spam by up to
99.9%.
5. Advanced Technologies: Use of advanced technologies can help in detecting and preventing social
engineering attacks.
Remember, social engineering awareness is your best tool in combating these types of attacks. Stay vigilant and
educate yourself and others about these tactics to help prevent such incidents.
Use the internet to research procedures that other organizations use to prevent social engineers from gaining
access to confidential information. List your findings.
Type your answers here.
End of Document