INFS 3500 - Cybersecurity

Technologies

Titus Williams
Alexander Bejarano
Axyle Belveal
Elise Cloonan
Ella Nguyen
OVERVIEW
• Introduction

• Social Engineering
Methods

• Impact to the organization

• Prevention
Introduction to Social
Engineering

• What It Is: "A manipulation technique exploiting human

trust to breach systems." (Source: "Elder Fraud: If a
Former FBI/CIA Director Can Be Targeted, So Can You")
• Why the Elderly: "A demographic known for
trustworthiness and often less familiarity with digital
safeguards. Their vulnerability is emphasized by general
trends in social engineering attacks." (Source: "FBI
Springfield Warns of the Devastating Outcome of Elder
Fraud")

This Photo by Unknown author is licensed under CC BY-NC-ND.

The Weight of the Issue

• Organizational Impact: "The FBI highlights significant harm from social engineering
attacks on the elderly, affecting both victims and their caregivers." (Source: "FBI
Springfield Warns of the Devastating Outcome of Elder Fraud")
• Prevention Pathways: "The FBI emphasizes the importance of recognizing scams, being
cautious with communication, and keeping security software up-to-date." (Source: "Elder
Fraud: If a Former FBI/CIA Director Can Be Targeted, So Can You")
• Our Collective Role: "Stressing the FBI's focus on both investigating and preventing elder
fraud, and the necessity for community awareness and education." (Source: "FBI
Springfield Warns of the Devastating Outcome of Elder Fraud")
Social Engineering
Methods
Methods: Exploiting Human Behavior
• Phishing – In 2022, Phishing is the top crime type according to the FBI
• Email phishing – creates a believable email that contain malicious links
• Vishing – phone calls aimed towards exposing personal information
• Spear Phishing – targets departments of business, tailored approach
• Pretexting – often used in many other attacks
• Creating a fake identity to gain trust
• Building a believable backstory
• Scareware
• Social Engineering tactic that aims to scare or influence people to install
malicious software – usually disguised as a cybersecurity solution
Social Engineering Examples
Romance Scam – attacker
preys on loneliness
• "In 2021, the IC3 received
reports from 24,299
victims who experienced
more than $956 million in
losses to Romance
scams."
• 48% percent of reports
came from people over
the age of 50
• Originate in West Africa
This is a billion-dollar industry because humans are the easiest to exploit
Tech Support Scam –
scammers impersonate
well-known companies
• In 2021, reports indicate
that people over the age
of 60 lost $1.68 billion
• Claim to work for tech
support to alleviate
comprised systems or
malware
• Originate in Southern Asia
Grandparent Scam – uses
fear
• Fraudster claim a
victim's grandchild is in
danger or even claim to
be the grandchild – ask
for sums of money to
"save them"
Impact to the
business and
elderly populatio
n
On the Organization
On the Organization
• Data breaches where personal identification, credit card information,
and password can be stolen

• Business interruption
+ Computer system is infected causing downtime, financial loses, and
reducing productivity.

• Legal liability
+ Business is binding to legal obligation to customers' data.

=> Losing control to internal system and being vulnerable to the external
attackers and competitors will lead to financial burden for the recovery time and
damaging the company reputation.
On the Elderly
• Profitable target to Social Engineering Attack
+ Use the same password for multiple account.
+ Lack of knowledge in technology and cyber awareness.
+ Can be manipulated by fear.
+ Easily give out personal information to phone scam.
+ Potential victim to online dating.
Protecting the Elderly Against
Social Engineering Attacks

Raise Awareness & Teach Secure Online Identity Verification

Educate Practices
Educate on common social Use strong, unique Always verify the identity of
engineering attacks. passwords for online anyone requesting personal
Encourage Skepticism accounts information.
Enable Multi-Factor Contact organizations
Authentication (MFA) for directly through official
added security channels to confirm
requests.
 Communication & Vigilance
• Email and Phone Safety
• Recognize phishing attempts and suspicious phone calls.
• Specifically, avoid sharing personal information via email
or phone.
• Consult with a family member or trusted person when
facing suspicious callers.
• Our Responsibility
• Maintain open communication channels with family
and caregivers.
• Offer support and patience as elderly individuals adapt
to safer online practices.

By following these strategies and staying vigilant, we can help the elderly protect themselves
against social engineering attacks and navigate the digital world more securely.
 Common Protection & Prevention Resources
for the Elderly

AARP - American Association

of Retired Persons (1958)

National Council on Aging –

NCOA (1950)
 • Resources on how to recognize and avoid common
scams. "Real-world tips and tools to help protect you
and your loved ones". AARP’s Fraud Resource Center
• Resources for Scam Alerts
• Fraud Fighting
• Victim Support
• Elderly Fraud
• e
• See or Report scams that have happened near you.
AARP - American Scam Tracking Map
Association of Retired
Persons • https://www.aarp.org/money/scams-fraud/
?Intcmp=AE-FRDSC-ABT-FRC#01/
• https://www.aarp.org/money/scams-
fraud/tracking-map/?Intcmp=AE-FRDSC-
ABT-MAP/
 The National Council On Aging
• Fraud Protection Center - Provides information and
tools to prevent scams, fraud, and financial abuse.
Financial Exploitation Participant Guide -
• Practical Guides, real-life examples, and education
focused on valuable real life examples.
Pa
• Step-by-step guidance on prevention and necessary
steps to take in case of an attack
• Download Materials to Host a Workshop
- Facilitators Guide / Participants Guide (See
Links)
Facilitators Guide
https://assets-us-01.kc-usercontent.com/ffacf
e7d-10b6-0083-2632-604077fd4eca/f1bfe071
-b102-4759-84db-dd42c4c48344/2019-0051_
NISC-ESI-Financial-Exploitation_Facilitator-Gui
de_7-10.pdf
Participants Guide
https://assets-us-01.kc-usercontent.com/ffacf
e7d-10b6-0083-2632-604077fd4eca/2d50c40
4-69a1-4416-9331-cbebfe2fea78/2019-0051_
NISC-ESI-Financial-Exploitation_Participant-Gu
ide_7-10.pdf
 What Social Engineering might look like in the Future

Increased Use of Advanced Technology
The growing reliance on Artificial Intelligence
presents a significant risk in terms of social
engineering security.
The Shift of Atack Mediums Phycological Social Engineering Attacks
Transitioning from phishing and Utilizing your personal information to create a
spam calls to targeting through trigger that leads to the disclosure of
social media platforms. confidential data.
The use of
Advanced
Technology
With the advancements in artificial intelligence (AI),
being cautious about who you communicate with
and what information you share online becomes
increasingly important. AI's capability to mimic
someone's voice with a brief sample has been highly
effective and convincing. This technological progress
extends to AI's ability to replicate writing styles,
posing new challenges in digital communication.
Recognizing the person's authenticity on the other
end of a conversation is now more complex. As AI
evolves, distinguishing between genuine and AI-
generated communications will require greater
vigilance.
Shift of Attack
Medium
Social engineering attacks are shifting to using
various online platforms, where people often
share personal data. This abundance of
publicly available information allows attackers
to compile detailed profiles of individuals,
leading to highly personalized and convincing
attacks. The diversity of these platforms,
ranging from social networks to professional
sites, offers attackers multiple avenues to
exploit, making it challenging for users to
identify malicious intents.
Psychological Social
Engineering
Attacks

In addition to the vast amount of personal

data shared online, the nature of these
attacks is shifting towards more psychological
social engineering tactics. These sophisticated
strategies are to tap into areas that
emotionally trigger victims. By doing so,
attackers can manipulate individuals more
effectively. This method is particularly
insidious as it exploits personal vulnerabilities
or sensitive areas. The ultimate goal of these
tactics is to coax victims into divulging private
and sensitive data.
Summary
• Defined Social Engineering

• Common Social Engineering Methods

• Impact to the organization and Elderly

• Prevention for elderly population and

the future

• What the future of social engineering

might look like
References

• Federal Bureau of Investigation: Internet Crime Report 2022

• "Elder Fraud: If a Former FBI/CIA Director Can Be Targeted, So Can You." FBI, 2021,
www.fbi.gov/news/stories/elder-fraud-video-031521.
• "FBI Springfield Warns of the Devastating Outcome of Elder Fraud." FBI Springfield, 2021,
www.fbi.gov/contact-us/field-offices/springfield/news/press-releases/fbi-springfield-warns-of-the-
devastating-outcome-of-elder-fraud
.
• Social Engineering and Psychology | Psychology Today
• The Role Of AI In Social Engineering (forbes.com)
• Social Engineering And Social Media: How to Stop Oversharing (securityintelligence.com)
• Grier, Denise. “The Elderly Are Special Targets of Scammers: This Is How Senior Citizens Can Prevent Being Taken Advantage Of.” MoneyThumb, 3 May 2023,
www.moneythumb.com/blog/the-elderly-are-special-targets-of-scammers-this-is-how-senior-citizens-can-prevent-being-taken-advantage-of/.

• Security, Staff Writer at LMG. “2023 MGM Breach: A Wake-up Call for Better Social Engineering Training for Employees.” LMG Security, 17 Oct. 2023,
www.lmgsecurity.com/2023-mgm-breach-a-wake-up-call-for-better-social-engineering-training-for-employees/.