A social engineering attack is the act of tricking or manipulating people into giving up confidential information, whether for malicious purposes, attention seeking, or financial gain. Examples of social engineering attacks include the ABN AMRO Bank theft and the Associated Press Twitter hijack. This paper discusses what caused each of the attacks and how they could have been avoided.
Social Engineering Attack Examples
The ABN AMRO Bank theft
The theft took place in 2007 and is considered one of the most expensive social engineering attacks in the world. It was perpetrated by an unidentified man who used an Argentinian password and managed to steal approximately 27.9 million dollars from ABN AMRO bank in Belgium (Hatfield, 2018). He was able to access the safe room and get away with diamonds and other gems by overcoming the bank’s security mechanisms. According to Hatfield (2018), the incident is one of the most impressive social engineering attacks because not a single weapon was used. One of the methods he used to gain access to the bank’s facilities was befriending the bank workers by giving them boxes of chocolate, which enabled him to obtain the original keys, make copies of them, and learn the location of the diamonds. The attack would not have taken place if the bank had installed automated doors rather than manual ones that need keys. The attack could also have been prevented if the bank had invested in cyber-literate employees, as they could have detected the fraudster. Likewise, the fraudster would not have gained access if the bank had invested in training its employees on system protection. It is likely that the thief had obtained some confidential information from the bank’s employees before conducting the attack.
Associated Press Twitter Hijack
This social engineering attack occurred in 2013. It was perpetrated by the Syrian Electronic Army (SEA), who hijacked the Twitter account of the Associated Press (AP) and later tweeted “Breaking: Two Explosions in the White House and Barack Obama is injured” (Aldawood & Skinner, 2018). The tweet had several adverse effects, such as a drop in the stock market and a fall of the Standard and Poor's 500 index by 1%, among others (Aldawood & Skinner, 2018). The SEA was able to hijack the Twitter account through phishing emails sent to some of AP’s employees. Ways the attack could have been prevented include installing an anti-phishing toolbar on the company’s computer systems, investing in a spam filter that detects viruses, blank senders, and malicious emails, and educating and training employees on phishing techniques and how to prevent them.