Question

In: Computer Science


A technique called “fabrication” constitutes one dimension of a social engineering attack. Think of three (successful or unsuccessful) social engineering attack cases that you know from the media or from your private life. Describe the cases in narrative form (what happened and how the course of each attack unfolded) and analyze the fabricating elements of the cases. Examine in what ways the attackers sought to fool the victims and, moreover, in what ways they sought to build confidence and credibility (i.e. make the situation seem valid). What kinds of frames were constituted?

Solutions

Expert Solution


Pretexting, as opposed to phishing (which seeks to obtain personal information, embeds links to suspicious websites, and incorporates threats, fear or a sense of urgency to act), attempts to extract sensitive information by building trust over time.

Pretexting is another social engineering attack in which attackers focus on creating a good pretext, or fabricated scenario, that they can use to steal their victim's personal information. The attacker creates a believable but completely fabricated pretext to lay some groundwork and break down a victim's defenses over time. It is also known as fabrication.

This kind of tactic is used to gain the victim's trust and increase the likelihood that they will divulge the requested information without hesitation.

A few examples of this social engineering attack follow:

1. Successful Attack
Narration: My uncle, who is a former State Bank of India (SBI) employee and 70 years of age, was a victim of this pretexting cyber attack. On Day 1, a person makes a phone call stating he is an SBI employee and wants KYC (Know Your Customer) information to verify account details. My uncle gives the information asked for, such as name, DOB, the place where the account is held, Aadhaar number and mobile number. He is also asked whether he has any queries related to his bank pension account. The fraudster takes this information and hangs up. On Day 2, the same person calls again in the afternoon and says he has some more information to share regarding SBI pension schemes and will require personal details. The fraudster convinces my uncle that he is from SBI and that he will send messages to the mobile number, and asks him to read those messages and tell him the details. These were OTPs, sent multiple times; he kept calling my uncle and asking him to share the OTP numbers 4 to 5 times. He also kept calling at regular short intervals and kept him engrossed in talk. They were able to transfer 40000 rupees from his account in 3 successful OTP sharing attempts. My uncle came to know of this only after half an hour, when he saw other SBI messages on his mobile about money withdrawal from the bank account. Even though it was reported to the police the same day and the bank was informed, the money was not recovered. The fraudster was calling from a far-off state, UP, India.

2. Successful Attack - In an IT financial company, a senior financial consultant who is responsible for the financial transactions of clients and his company tries to transfer small amounts of money (transaction fees in thousands of rupees) into multiple accounts of his, held in the names of small companies, over a period of time. This is shown as miscellaneous fees for clients and was not caught for many years in any financial audits. After a few years the incident comes to light and the company fires the employee. He is asked to resign from his position and leave, but due to the reputation of the company, this is not advertised.

3. Unsuccessful Attack - This incident was reported in a newspaper. There were two old friends in a financial company. One friend (A) had resigned from the company a few months earlier due to financial frauds he had committed. The other friend (B) is a senior-level person who approves financial transactions in the same company and is a trusted, long-standing employee. But this person incurs a personal financial loss of crores of rupees in a lottery game, so he is in a deep financial crisis and in urgent need of quick money. Person B knows that Person A was intelligent in committing financial fraud and knows how to transfer money to his personal accounts while doing clients' billing transactions. Person B approaches Person A for guidance on how transactions can be done in the company to earn money, and promises to pay Person A for his guidance. Person A suggests picking a junior employee who handles these transactions, going to him regularly and asking to check his transactions on his machine, and so gaining his trust. Then, on some day, on the pretext of checking his financial transactions, Person B should quickly commit the money transfers into his personal accounts while that person is away for some time. Person B commits these financial transactions and is successful in transferring money to his accounts. But later in the month, a suspicion is raised by the audit firm over the approval of those crore-rupee transactions. The junior is picked up for doing these transactions, but he rechecks and recalls the information for those dates and reports that Person B had done those transactions from his machine. Later, after police complaints are lodged, Person B admits to this social engineering attack committed by him.

--------------

Thus, in all three attacks, bank accounts / financial transactions are compromised by fraudsters on a pretext in order to gain money. Pretexting attacks (fabrication) are commonly used to gain both sensitive and non-sensitive information. They use fear and urgency to their advantage; pretexting attacks rely on building a false sense of trust with the victim. This requires the attacker to build a fabricated, convincing story that leaves little room for doubt on the part of their target.

