Advanced Social Engineering

Advanced Social Engineering
Introduction
Social engineering refers to an art of manipulating people to gain access to their personal
and confidential information. The type of information that such criminals seek from a person
varies with the need of the information. However, the cyber criminals usually trick potential
victims into giving them their passwords, bank information, or gain access to personal computers
among other activities (Krombholz, Hobel, Huber, & Weippl, 2015). This paper will, therefore,
focus on the issues that are related to social engineering and suggest possible solutions to the
current trend of cybercrime.
How the Intruder Gained Access to the System of the Company
There are various ways through which an intruder could have gained access to the
information of the company. However, since the attack was through the electronic mail from the
criminal. The possible way that the criminal could have used is to develop a password of the
email of one of the company's supervisors' through the use of social engineering. Most of the
Internet log-in portals require the password that contains approximately eight characters or more.
It is not possible to cram all the passwords thanks to various portals that require an online login.
Therefore, the supervisor might have been using a similar password to most of his or her portals.
The portals include social sites like Facebook, Skype, and Twitter among others.
The intruder could have sent a message to the supervisor through the social media
platform. It was in that message that the intruder embedded a link, and since it is from a social
media friend, the supervisor just opened the message. Such links usually contain malware that
enables cyber criminals to take control of other person's personal computer. All personal 
ADVANCED SOCIAL ENGINEERING 3
information of the supervisor's account to the intruder including the password is then sent to the
intruder via the link.
With most of the personal information at hand, the intruder can, therefore, try as many
accounts of the supervisor as possible. The intruder then designed a message and posed as the
company's customer trying to explain that one of the company's product has been being
incorrect. The message required the supervisor to verify the information by clicking ‘reply'
button. The supervisor then tried to reply to the mail through the same link. The message that
followed was that "No such e-mail address exists." Afterward, the computer speed worsened off
and was extremely slow, and it seemed as if someone had gained access to the computer and
accessed various confidential pieces of information.
That was the fact; somebody elsewhere had already gained password and other access
privileges and obtained various company’s confidential information. Therefore, the information
was hacked into as discussed above.
Security Recommendations