"Today’s Attacks and Defenses at the beginning of this chapter
illustrated how a security researcher could manipulate a help desk
support technician into compromising security. If you were to
create your own social engineering attack, what would it be? Using
your place of employment or school, first determine exactly what
your goal would be in the attack, and then craft a detailed
description of how you would carry out the attack using only social
engineering to achieve your goal. You might want to search the
Internet for examples of previously successful attacks that used
social engineering. Why do you think your attack would be
successful? Who would be involved? What would be the problems in
achieving your goal? Why? Write a one-page paper on your
research"
(Ciampa 93).
As instructed, write a one-page paper on your research. Make sure that your paper is double-spaced and has an introduction, conclusion and any appropriate citations and references.
For a social engineering attack to be successful, I would need to impersonate a person who holds significant power in an organisation or another setting. My first step would be to research a person who is the head of a department or holds a managerial position at an organisation. I would gather information about that person, such as where they live, where they spend their vacations, who their spouse is, whether they have kids, and what special interests they have. With that particular set of information, I can then call the help desk assistant pretending to be them and ask them to change my user ID or password, or grant me access to a system that would require password access. I would use the information gathered above to convince the help desk assistant that I am actually the person they think I am, and persuade them to change my passwords or grant me access.

The main problem in this approach is gathering the initial information that is required to complete the task. Nowadays most people are aware of the situation and hence tend to hide their information from public sources, so gathering such information will be a taxing process.

Another approach that can be used is to research or gather information about the help desk employee, gather their interests and their choices from their social profiles, and then create an official email that seems to have originated from inside the organisation and attach malware to that email, such that when the person clicks on that email it will grant me remote access or will hamper their systems and will give me some sort of access or leverage on their systems. This approach is more likely to be successful, as it does not require any sort of verbal communication; it only exploits the interests of the person in question. This approach also does not require impersonating any high-level official. It only requires me to gather the interests of the help desk employee, which will be rather simple, and then send them a phishing email.

Since the email seems to have originated from inside the organisation, a person is more likely to trust the email, and since the email's contents are related to the person's interests, the person is more than likely to click on the links provided in that email, giving this attack a very high chance of being successfully executed. In this approach, fewer people are involved as compared to the previous one. Similarly to the above approach, this approach also has a major problem of gathering intel: as stated earlier, people are now more aware of the situation and tend to hide their information on public sources.