School Papers

Based credentials. In Reverse Social Engineering(RSE) attack, the

Based on my understanding, Social Engineering is a term for
defining wide range of malicious activities performed by a hacker to retrieve
the information about the computer systems. This usually happens when a hacker
identifies his victim/target by gathering all the required information (Ex: Weak
security protocols) and later breaks all the security practices that are being
implemented in the organization and thus disclosing the sensitive information.

Some of the important social engineering attacks are as

Phishing: This occurs when the victim of this
attack is tricked to open a malicious link leading to the installation of
malware thus revealing the sensitive information.

Baiting: As a result of victim’s curiosity,
hackers attract them into a trap where a malware will be installed into their
machine to steal the personal information. Ex: Trojan Virus

Pretexting: In this attack perpetrator creates a
scenario i.e., a false sense of truth for the victim to establish trust on them
so that they could perform a critical task with victim’s credentials.


In Reverse Social Engineering(RSE) attack, the victim approaches
the perpetrator without his/her knowledge. This might seem a bit unusual for a
victim going to attacker despite the fact that the attacker plays a trick (Ex:
Social Engineering attack) to make the victim believe that he is a part of
legitimate organization so that he could retrieve more information. Ex:
Technical Support Service. (Ira S. Winkler, 2012)


Some successful attacks in the recent years:

In 2017, Ransomware attack targeted the computer
systems running on MS Windows platform and demanded ransom in the form of
Bitcoin cryptocurrency.

In 2016, the biggest social engineering attack
occurred on Wall Street Tech firm, SS&C Technology which incurred a loss of
$6m USD to the company due to a business email scam.

In 2015, attackers targeted the finance department
of Ubiquiti Networks a San Jose based network equipment company which involved
fraudulent requests and employee impersonation. (Brian Honan, 2015)


Some recommendations on how to prevent such attacks:

By the purchase of anti-virus software apart
from review and frequent updates of organization’s security policy.

By not opening the emails and attachments from
untrusted sources. Ex: Phishing attack

Directly identifying the technical support
analysts during the issues with computer systems

Creating proper awareness among individuals and
improving the operational procedures for the employees to be diligent all the

Identifying all the vulnerabilities in the
organization and by configuring security alert system for each independent
attack.(SE and Prevention, WASC)