Social Engineering Techniques

1.Very interesting, and you bring up the excellent point that the social media attacks stem from personnel weakness and with the Bitcoin scam greed or get rich quick.  We had a similar attack that happened a couple of years ago with a company I was working for that had access to many high-powered computing systems and had a cyber network engineer in charge of a department that monitored all of our connected systems to the internet.  He got the idea that he could use the computers and related systems to mine Bitcoin at work and run it in the background.  This worked for almost six months until a network support team came in when he was on vacation to update software, and they found the program.  He had mined nearly 3 million in Bitcoin from unknowing people in the office.  This cost the company almost 100000 dollars to fix because all the servers had to be replaced.  The person that did it took a plea and works with the FBI in cybercrimes.

2. Common methods of social engineering include e-mail, phone, social media, and inperson interaction (Woody, 2022). They all work around getting an enterprise user to allow an attack based on social interactions between the attacker and the user. Robinhood Investments was recently attacked when the attacker called the customer service line and was able to access 5 million email addresses as well as around 300 users date of births and zip codes (Social, 2021). I have never had a case of social engineering happen to me, but my grandparents have had attackers who claimed to have charged their card contact them. When they issued the 'refund' they claimed to have processed too much out of the refund, and that my grandparents owed them the extra back in gift cards. No personal data was given or asked for, but they almost purchased gift cards and gave them the gift card numbers. Giving users the knowledge needed to recognize and avoid social engineering attacks is key to preventing them (Parthy, 2019). Forced Multi-Factor Authentication would be a good shield against attacks if social engineering succeeds is a good system as well.