| Summary: | Social engineering attacks have increased dramatically in the past few years. The case study that is described in this work involves the deception of a subordinate by someone posing as his or her superior. The attacker assumes the identity of a high-level person in the company, usually a Chief Executive Officer (CEO) whose actions are rarely questioned. The attacker poses as the CEO through a spoofed email address or even one that looks similar to the correct one, and then sends a message to his or her assistant or another person in the company that fields the CEO's requests. The message requests funds to be transferred through various methods ranging from wire transfers, credit card payments, and even the purchase of store gift cards. We believe that social engineering attacks that threaten personal and organizational information can be prevented by creating a cyber security awareness culture. Increasing awareness by drawing attention to the social engineering case that is discussed in this work is a step towards achieving this goal.
|
|---|
