P h a s e s i n a S o c i a l E n g i n e e r i n g A t t a c k
The attacker performs social engineering in the following sequence.
Research the target company
The attacker, before actually attacking any network, gathers information in order to find possible ways to enter the target network. Social engineering is one such technique to grab information. The attacker initially carries out research on the target company to find basic information such as kind of business, organization location, number of employees, etc. During this phase, the attacker may conduct dumpster diving, browse through the company website, find employee details, etc.Select victim
After performing in-depth research on the target company, the attacker chooses the key victim attempt to exploit to grab sensitive and useful information. Disgruntled employees of the company are a boon to the attacker. The attacker tries to find these employees and lure them to reveal their company information. As they are dissatisfied with the company, they may be willing to leak or disclose sensitive data of the company to the attacker.
Develop the relationship
Once such employees are identified, attackers try to develop relationships with them so that they can extract confidential information from them. Then they use that information for further information extracting or to launch attacks.
Exploit the relationship
Once the attacker builds a relationship with the employees of the company, the attacker tries to exploit the relationship of the employee with the company and tries to extract sensitive information such as account information, financial information, current technologies used, future plans, etc.
I m p a c t o n t h e O r g a n i z a t i o n
Though social engineering doesn't seem to be serious threat, it can lead to great loss for a company. The various forms of loss caused by social engineering include:
Economic losses
Competitors may use social engineering techniques to steal information such as future development plans and a company's marketing strategy, which in turn may inflict great economic losses on a company.
Dam age of goodwill
Goodwill of an organization is important for attracting customers. Social engineering attacks may leak sensitive organizational data and damage the goodwill of an organization.
Loss of privacy
Privacy is a major concern, especially for large organizations. If an organization is unable to maintain the privacy of its stakeholders or customers, then people may lose trust in the company and may not want to continue with the organization. Consequently, the organization could face loss of business.
Terrorism and anti-social elements pose a threat to an organization's people and property. Social engineering attacks may be used by terrorists to make a blueprint of their target.
Lawsuits and arbitration
Lawsuits and arbitration result in negative publicity for an organization and affect the business' performance.
Temporary or perm anent closure
־ ־Social engineering attacks that results in loss of good will and lawsuits and arbitration may force a temporary or permanent closure of an organization and its business activities.
־ ־Social engineering attacks that results in loss of good will and lawsuits and arbitration may force a temporary or permanent closure of an organization and its business activities.
ReplyDeleteافضل شركة كشف تسربات المياه بالجبيل
افضل شركة مكافحة النمل الابيض بالقطيف
افضل شركة رش حشرات ببريدة
ارخص شركة مكافحة حشرات بالدمام
ارخص شركة غسيل مكيفات بالدمام