Task-1: Research Social Engineering Example


Example-1: Shark Tank, 2020


Shark Tank is an American business reality television series on ABC that premiered in
August 2009. One of the stars of the show, Barbara Corcoran, was tricked in a nearly
USD 400,000 phishing and social engineering scam. A social engineer created a duplicate of
her assistant's email address and sent an email to the bookkeeper requesting a renewal payment
related to a real estate investment. He used an address similar to the legitimate one. The fraud
was only discovered after the bookkeeper sent an email to the assistant's correct email address
asking about the transaction [Cases].

Example-2: Toyota Boshoku Corporation, 2019


Toyota Boshoku Corporation is a Japanese automotive component manufacturer and a
member of the Toyota Group of companies. The company was the victim of a social engineering and
business email compromise (BEC) attack in 2019 and lost USD 37 million. Using persuasion,
a social engineer convinced a finance executive to change the bank account
information in a wire transfer. He exposed records that included names, addresses, dates of birth,
occupation and other information; the good news is that no financial data was exposed in this
incident [Pie19].

Example-3: Rivest–Shamir–Adleman (RSA), 2011


Rivest–Shamir–Adleman (RSA) is a public-key cryptosystem that is widely used for
secure data transmission. In such a cryptosystem, the encryption key is public and distinct from
the decryption key, which is kept secret (private) [RSA]. This security company has
spent about USD 66 million because of its data breach in 2011. The attack started with a
Microsoft Excel document, which was sent to a small group of employees via email. The subject of
the email was something like “Recruitment Plan”. The document attached to this email contained a
malicious file, which opened a backdoor that gave the hackers access.

Task-2: Recognize the Signs of Social Engineering


Example-1: Immediate Assistance:

In social engineering attacks, the social engineer uses language that generates a sense of
urgency in clients and puts pressure on them to click the given link without thinking or
investigating. If someone asks you to make an urgent wire transfer, you should slow down.
First verify the request, then complete the transaction.

Example-2: Verification of Information:


In social engineering attacks, the social engineer presents an issue that will supposedly be
solved once you hand over your data. Be wary of this kind of message, which leads you to a form
for providing your data. These messages look like legitimate email, with correct logos and
branding that suggest the sender is genuine and the message is authentic.

Example-3: Responding to a Question


Social engineers will pose as a client operator of the organization you work for
and send you a message that claims to respond to a request for help, even though you never sent
any such request. If you conclude that a fake client operator is contacting you, this is a good
time to get support from the security department for the issue you are facing. He will certainly
ask you for specific data to validate your identity.

Task-3: Research Ways to Prevent Social Engineering

Way-1: Link Verification:

You must verify any short link, whether it is a bit.ly link or another kind, because it might be
hiding a dangerous link. Check where the link leads without clicking it by using a link
expander. You can use any link expander, such as DuckDuckGo; it will tell you what is
behind the link.

Way-2: Identities Verification:


You have to make sure that you are dealing with the right person. Sometimes you get an
email request from an unknown sender. Before responding, confirm it with the real person,
whom you know. Because email hijacking happens every day, you have to verify the
identity.
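
A lookalike sender address, as in Example-1 of Task-1, can be flagged automatically before a person has to notice it. The following is an added example, not part of the original document; the address book, the `example.com` addresses and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed address book of correspondents you already trust (placeholders).
KNOWN_CONTACTS = {"assistant@example.com", "bookkeeper@example.com"}


def edit_distance(a, b):
    """Optimal string alignment distance: counts single-character inserts,
    deletes, substitutions and swaps of two adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1,                 # delete ca
                       cur[j - 1] + 1,              # insert cb
                       prev[j - 1] + (ca != cb))    # substitute or match
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header, known=KNOWN_CONTACTS, max_dist=2):
    """Return ("known", addr), ("lookalike", imitated_addr) or ("unknown", None)."""
    addr = parseaddr(from_header)[1].strip().lower()
    if addr in known:
        return "known", addr
    # Closest trusted address; a small non-zero distance means an imitation.
    dist, closest = min(((edit_distance(addr, c), c) for c in known),
                        default=(max_dist + 1, None))
    if dist <= max_dist:
        return "lookalike", closest
    return "unknown", None


if __name__ == "__main__":
    # Constructed From: headers, not taken from any real incident.
    for header in ["Assistant <assistant@example.com>",
                   "Assistant <asistant@example.com>",     # dropped letter
                   "Assistant <assistant@exmaple.com>",    # swapped letters
                   "Vendor <billing@vendor.test>"]:
        print(header, "->", classify_sender(header))
```

A "lookalike" or "unknown" result is a prompt to confirm the request with the real person through a channel you already trust, not a verdict by itself.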

Way-3: Email Protection Software:


Email protection software protects you from social engineering attacks that would harm your
data or personal information. It checks the messages arriving in your inbox for
malware and malicious internet content, and stops these kinds of email from reaching the inbox.
You should also use URL protection software or avoid clicking short URLs.
