Go through the below discussion and comment in 150 words
Social Engineering Attack:
A social engineering attack relies heavily on human interaction. It is the art of making people believe false information and fall into the attacker's trap. Attackers manipulate people in such a way that they give the hackers access to confidential information and financial information without their knowledge. Generally, it happens when there is no security (firewall) for the company's websites and database, or when employees lack the knowledge that an outsider can easily hack the confidential information of a company.
I read a few articles that mention some of the top social engineering attacks, which resulted in the loss of money and customer data. One of them is:
YAHOO HACK 2014
Yahoo was attacked in 2013 in an incident that affected 3 billion users. Not long after that incident, it was attacked again in 2014; this attack was significant and endangered up to 500 million users. Here the users' data was stolen, including usernames, password recovery emails, security questions and answers, phone numbers and cryptographic values associated with the users' accounts.
In this attack, the hackers focused on Yahoo employees who had semi-privileges. One employee was tricked by the hackers' email and granted access to the Yahoo network, allowing the hackers to download Yahoo's database. Using this information, the hackers took advantage of the recovery emails, which allowed them to access users' accounts.
Firstly, the company should have taken security measures when the first attack happened, instead of allowing the hackers to hack the company's database again. From the description it is clear that an employee fell for an email. So it is vital that a company always train and educate its employees about the company's security policies, so that they do not entertain any spam or malicious emails, because a simple mistake can help a hacker bring great companies down in just a second.
Even though a company takes many measures or precautions before and after incidents, it is hard or almost impossible to guess the attacks. But there are certain preventive measures it can follow to stop the attacks.
Seize the unwanted emails: A company should make its employees aware of the company's security terms. When an employee gets unexpected emails from unknown senders, the employee should check with a partner before opening the emails or clicking links.
Cautious with downloading: If an employee is not aware of which emails contain malicious information or spam links, they should be cautious about downloading and opening such emails.
The Top Ten Most Famous Social Engineering Attacks. (2018, July 26). Retrieved from https://resources.infosecinstitute.com/the-top-ten-most-famous-social-engineering-attacks/#gref
Perlroth, Nicole. (2016, September 22). Yahoo Says Hackers Stole Data on 500 Million Users in 2014. Retrieved from https://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html